Prioritize Known Exploited Vulnerabilites
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
December 10, 2020
Project Summary
This project refined and expanded MITRE ATT&CK’s coverage of adversary behaviors in cloud environments. Through our research, we refactored and consolidated the cloud platforms into IaaS, SaaS, Office365, and Azure AD. Next, we overhauled cloud data sources to better align with enterprise ATT&CK. Finally, we expanded cloud technique coverage adding and updating existing techniques.
Problem
Defenders lack visibility into adversary behaviors in cloud technologies, leaving their organizations exposed to emerging threats.
Solution
Expand MITRE ATT&CK to describe adversary behaviors in and against Cloud technologies.
Impact
Simplified defenders use of ATT&CK by aligning ATT&CK’s coverage for Cloud TTPs with how organizations are using Cloud in their operations.
Funding Research Participants
Explore More of Our Work:
Security Stack Mappings – Hardware-Enabled Defense
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the …
Summiting the Pyramid
Summiting the Pyramid (STP) creates a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections …
Stay Informed
Sign up for the Center's "Stay Informed" newsletter to get notified for new project releases and upcoming events.