UNLEASHING THE TRUE POTENTIAL OF MITRE ATT&CK: CREATING AN ADVERSARY EMULATION PLAN WITH THE MITRE ATT&CK FRAMEWORK

February 21, 2019

Many different security frameworks exist in the world today: ISO-17799, its successor ISO-27000, Cobit, NIST, and others. The latest introduction, the MITRE ATT&CK framework, is giving a new perspective on the tactical needs of security operations. Developing a solid, closed-loop defense strategy is challenging. Prior to MITRE ATT&CK, most frameworks were designed as checklists of what defenses should be in place. They provide useful guidance, but lack the dynamism of real-world security. Beyond frameworks, it’s hard to engage in defense improvement or determine quantitative, consistent results on your defense process. Even red team activities lack a unified language to describe what they do or how they do it with consistency. Without a shared vocabulary, their results are often murky and quantitatively immeasurable. The only other way to measure your defense is to catch real-world attacks - a risky and ineffective defense strategy.

Spotlight

iViZ Techno Solutions Private Limited (a Cigital Company)

"iViZ is industry’s first cloud-based on-demand penetration testing service for web applications. Unlike conventional solutions, iViZ Security delivers consultant-grade quality with an on-demand experience. iViZ Security provides a hybrid solution that integrates automation with manual testing by security experts. This results in a cost-effective SaaS model to achieve zero false positives, manual expert validation, and business logic testing. The key advantages are high quality, on-demand manageability, high scalability and unmatched service to price value. iViZ's vulnerability research team is also credited with the discovery of several vulnerabilities in the security products of companies like Microsoft, Intel, HP, Symantec, Lenovo, CA, Sophos, AVG etc."

OTHER ARTICLES

How Is Covid-19 Creating Data Breaches?

Article | March 30, 2020

Trevor is working from home for the first time. He loves the freedom and flexibility, but doesn’t read his company’s new BYOD policy. Sadly, he misses the fact that his home PC is not protected with updated security software nor the latest operating system patches. Kelcie’s home PC is faster than the old work laptop that she’s been issued to use during the pandemic. She decides to use a USB stick to transfer large files back and forth between her PCs to speed things up. After a few days, she does all her work on her home PC, using a “safe” virtual desktop app. But unbeknownst to her, there is a keylogger on her home PC.


New ‘Haken’ Malware Found On Eight Apps In Google Play Store

Article | February 21, 2020

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions. “Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers with Check Point Research, in an analysis on Friday. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.”


How the IIoT can subdue cyber security challenges met by software adoption

Article | February 25, 2020

Matt Newton, senior portfolio marketing manager at AVEVA, discusses how IIoT can best cyber security challenges met through software adoption. According to Gartner’s 2019 Industrial IoT Platforms Magic Quadrant report, by 2023 30% of industrial enterprises will have full, on-premises deployments of IIoT platforms. IIoT platforms and software adoption is rapidly increasing – up 15% in 2019 – and this will undoubtedly continue to grow as we progress through the new decade. From enhancing operational performance to improved business processes, adopting new technology and software capabilities is vital for business success in today’s industrial sector. However, when it comes to adopting software and technology, integrating new systems with existing legacy systems in the industry can be a challenge.


Cybersecurity Must Be Embedded in Every Aspect of Government Technology

Article | March 17, 2020

Cybersecurity has never been more important for every level of our government. The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people. Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting a software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

