
Using the ATT&CK Matrix in real-time to understand threats and attacks

Adrian Sanabria March 16, 2021

The MITRE ATT&CK Framework is widely recognized as instrumental in providing a common language and framework for describing attack techniques and effectively sharing information across organizations. However, we’re just starting to see the potential benefits this matrix can provide when integrated directly into security tools.

Uptycs recently announced a major release of its product that functionally and visually aligns detection results with the MITRE ATT&CK Matrix. They claim to have mapped more than 500 detection events to ATT&CK tactics and techniques, allowing them to visualize related detection signals on the matrix. While this humble rubric is little more than rows and columns, useful data can be gleaned from a quick glance.

Screenshot of Uptycs user interface

The matrix is organized in columns. Following these columns from left to right, we step through the natural stages of an attack, generally in the order they would appear on a timeline as the attack progressed. The matrix begins with reconnaissance. It then works through initial access techniques, which, if successful, lead to persistence, exploration and lateral movement. Eventually, the matrix reaches the attacker’s endgame, which could be a ransom note, data exfiltration or simple destruction.

At a glance, the analyst can see the general stage of the attack as well as the quantity of the different attack techniques involved. This visual information is useful, as it can speed up understanding in a way that simple, text-based information can’t achieve. The power of this visualization is that it can reduce the amount of time necessary to make decisions leading to the containment and eradication of the attack. In addition, the accompanying process graph makes it possible to more quickly understand and analyze malware behavior.
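To make the two points above concrete (columns in matrix order, and the stage and quantity of techniques visible at a glance), here is an added example that is not part of the original article or of Uptycs’ product. It assumes detection events already carry an ATT&CK technique ID, uses a small constructed technique-to-tactic subset in place of the full ATT&CK data, and reports counts per column, the furthest column reached, and any detections it could not place.

```python
from collections import Counter

# Enterprise matrix columns, left to right, in the order the article walks them
# (the published ATT&CK tactic order at the time of writing, v8/v9).
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]
# Constructed subset of technique -> tactic(s); a product would load the full
# mapping from the ATT&CK STIX data. A technique may sit in more than one column.
TECHNIQUE_TACTICS = {
    "T1595": ["Reconnaissance"], "T1566": ["Initial Access"],
    "T1059": ["Execution"], "T1547": ["Persistence", "Privilege Escalation"],
    "T1021": ["Lateral Movement"], "T1041": ["Exfiltration"], "T1486": ["Impact"],
}

def summarize(detections):
    """Place detection events (dicts with a 'technique' ATT&CK ID) on the matrix.
    Returns (non-empty columns in matrix order with counts, furthest column reached,
    technique IDs that could not be mapped)."""
    per_tactic, furthest, unmapped = Counter(), -1, []
    for event in detections:
        tactics = TECHNIQUE_TACTICS.get(event["technique"])
        if not tactics:  # surface mapping gaps instead of silently dropping them
            unmapped.append(event["technique"])
            continue
        for tactic in tactics:
            per_tactic[tactic] += 1
            furthest = max(furthest, TACTIC_ORDER.index(tactic))
    columns = [(t, per_tactic[t]) for t in TACTIC_ORDER if per_tactic[t]]
    stage = TACTIC_ORDER[furthest] if furthest >= 0 else None
    return columns, stage, unmapped

# Constructed sample: a phishing-led intrusion that has reached lateral movement
SAMPLE = [
    {"host": "ws-07", "technique": "T1566"}, {"host": "ws-07", "technique": "T1059"},
    {"host": "ws-07", "technique": "T1059"}, {"host": "ws-07", "technique": "T1547"},
    {"host": "ws-07", "technique": "T1021"}, {"host": "srv-02", "technique": "T9999"},
]

if __name__ == "__main__":
    columns, stage, gaps = summarize(SAMPLE)
    for tactic, n in columns:  # one bar per matrix column, like the product view
        print(f"{tactic:<22} {'#' * n}")
    print("furthest stage:", stage, "| unmapped:", gaps)
```

The unmapped list matters in practice: a detection with no ATT&CK mapping never appears on the matrix, so the view understates the attack unless such gaps are reported separately.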

We’ve come a long way from what once passed for cybersecurity visualizations. Walk into the average SOC and you might see Wargames-inspired global maps showing attack traffic in real time. They were not terribly useful to the analyst, but they looked great for visitors on a tour of the SOC. Fast forward only five years and data scientists have become an integral part of most product teams, leading to more effective use of dashboards, charts, and visualizations.

MITRE ATT&CK is an excellent example of how the industry has matured into pragmatic, tactic- and technique-driven threat detection.

MITRE Attack Matrix for Enterprise screenshot

How far we’ve come in such a short time! To learn more about Uptycs and how they can provide your organization with improved security visibility for your endpoints, visit securityweekly.com/uptycs.
