Intro to Enterprise Security
Enterprise cyber security has a much more complicated approach, its not just about stealing cookies or hacking WiFi, its much more than that. While the traditional cyber security approaches were meant to protect local front data, business cyber security techniques are set up to protect data as it passes between remote wireless devices and on cloud servers. This means that enterprise cyber security includes securing the on-site and cloud-based systems of your business, as well as auditing third-party providers and defending the the number of endpoints linked to your network through the Internet of Things (IoT).
What is MITRE ATT&CK?
MITRE ATT&CK is a publicly distributed knowledge base of hacker tactics and strategies focused on real-world cyber attack findings. From initial device access to data theft or computer control, they are presented in matrices ordered by attack levels. These matrices are available of Windows, mac OS, Linux, Android and iOS.
Yes basically its a database for various hacking techniques.
ATT&CK stands for adversarial tactics, techniques, and common knowledge.
Security experts love to watch the behaviors of hackers and then they try to learn from them. These researchers want to what kind of tools they use, what kind of vulnerabilities they are exploiting and much more.
Adversarial Tactics and techniques are a new approach to hacker-attacks. Instead of looking at the damage caused by an attack, or a breach detector, cyber security experts will look at the strategies and methods suggesting an attack is underway. Tactics are the reason behind the strategy of an attack. Techniques describe how an opponent accomplishes a tactical objective by performing an operation.
Why does this exist again?
The aim is to build a detailed list of current strategies and techniques of hackers used during a cyber incident. It should be able to collect a large, and ideally an extensive set of attack phases and sequences. So that they are made available to government, education, and commercial organizations. The goal of MITRE ATT&CK is to establish a standardized classification system to make interactions more precise between organisations.
How to use it?
The MITRE ATT&CK Matrix organizes all known tactics and techniques into a structure that is easy to comprehend visually. Attack methods are seen all over the top, and each column lists individual techniques. At minimum one strategy per tactic would be involved in an attack process, and a full attack pattern would be built by switching from Initial Access to Command and Control. Below is an example for Enterprises.
Matrices for Windows and other platforms can be found here https://attack.mitre.org/matrices/enterprise/
A hacker doesn’t need to use all 11 strategies around the top of the matrix. Instead of wasting his time, the hacker would use the least number of strategies to accomplish their target, as it is more effective and provides less risk of detection.
How will this be useful to enterprises?
- Emulation – can be used to create scenarios to test and defenses against common and sophisticated techniques.
- Red Teaming – can be used to create red team plans and organize operations.
- Defensive Gap Assessment – can be used as a common model to assess tools, monitoring, and mitigation of existing defenses within an organization’s enterprise.
MITRE ATT&CK has been out there for a while now, but it has recently come into the spotlight due to an increase in cyber attacks on business and other organisations. All enterprises must protect their infrastructure before its too late. Many business ignore the increase of cyber attacks until it happens to them. By the time they try to fight back, its too late.