Threat-Informed Defense for the Financial Sector
Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute …
August 19, 2021
Project Summary
Cyber threat detection starts with understanding the data sources and sensors that can be used to detect a given adversary TTP. Motivated by a lack of detailed data source definitions in MITRE ATT&CK® to support defensive cyber operations use cases, we wanted to greatly expand the set of data sources in ATT&CK and research creating an open data model for data sources that would enable defenders to quickly determine if they have the data necessary to detect the adversary TTPs they care about. We worked with Center participants to develop a prototype model for describing data sources, as well as identifying and documenting a set of data sources that would ultimately be contributed to the ATT&CK Data Sources project.
Problem
Existing definitions of data sources necessary to detect adversary behavior are insufficient.
Solution
Create a single, coherent and open data model for the data sources in ATT&CK and greatly expand upon those data sources.
Impact
Defenders are able to quickly determine if they have the data necessary to detect the adversary TTPs they care about.
Funding Research Participants
Explore More of Our Work:
Ambiguous Techniques
Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …
Prioritize Known Exploited Vulnerabilities
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.