McAfee Advanced Threat Defense Incorporates the MITRE ATT&CK Framework to Help You Get the Play-by-Play Narrative on Adversaries

By Ratnesh Saxena on Dec 17, 2018

In the cybersecurity space, there’s a lot of talk about the “attacker advantage.” As a defender, you’re all too familiar with the concept. Every day, you and your team try to gain ground over adversaries who seem to get the jump on your defenses by exploiting the latest points of vulnerability. Gaining a better understanding of your adversaries and their work through the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework can help bolster your defenses. Available to everyone at no cost, ATT&CK is a shared knowledge base of the tactics, techniques, and procedures (TTPs) used in real-world campaigns.

What’s great about ATT&CK is that it not only gets into the details about how cybercriminals mastermind actual attacks, but also helps you strategize your defenses, align your security priorities, and make crucial adjustments to your arsenal. Ultimately, it helps you detect and respond more quickly and effectively when adversaries strike.

Additionally, since ATT&CK has been incorporated into security certification training courses, your junior analysts can upgrade their skill set. By gaining familiarity with the way adversaries act, your analysts can hone their threat-hunting abilities.

Another advantage is that everyone across your entire organization can speak the same language when communicating about security. The ATT&CK framework is a jargon-free zone. As a security professional, you can impart information to your peers and other stakeholders in ordinary, everyday language.

In close collaboration with the MITRE community, McAfee recognizes the value of the ATT&CK framework. With the latest release of McAfee Advanced Threat Defense, our advanced sandboxing analytics solution, we have mapped the ATT&CK framework directly to the reporting feature. McAfee Advanced Threat Defense offers a wide spectrum of easy-to-read, detailed reporting options—from summary reports for action prioritization, to results mapped to the ATT&CK framework, to analyst-grade malware data. We’ve made it easy for analysts to move from the TTPs identified in the McAfee Advanced Threat Defense MITRE ATT&CK report to the ATT&CK framework itself for a deeper dive into the specifics of any given attack or identified adversary.

Apart from the all-important benefit of accelerating detection and response, incorporating the ATT&CK framework also helps analysts demystify their results when communicating with management and the executive team. When everyone uses a common framework to describe the realities of their risk, the whole organization can benefit by reaching consensus about security priorities.

To learn more about McAfee Advanced Threat Defense and the MITRE ATT&CK framework, check out these resources:

MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Copyright ©2018 McAfee, LLC

About the Author

Ratnesh Saxena

Ratnesh Saxena is a Director of Product Management at McAfee leading the Endpoint Detection & Response and Advanced Threat Defense product lines. Mr. Saxena has over 20 years of experience at both startups and established companies in various leadership positions. He holds Bachelor’s (summa cum laude) and Master’s degrees in Computer Science from Prairie View ...


Categories: Security Operations
