If you want to build and maintain a heatmap of your organization’s detection coverage, it requires a mixture of art, science, and actionable transparency from your security vendors. Today, the MITRE ATT&CK Framework has become the de-facto language for how we communicate, analyze, and attribute adversary activity.
However, mobilizing the powerful framework into a living strategy against cyber threats comes with several challenges.
Common hurdles include understanding:
To help Defenders with these challenges, we have partnered with Tidal Cyber, an exciting firm focused on helping security teams achieve the benefits of threat-informed defense in a practical and sustainable way.
The Tidal Platform, which launched in August, makes it efficient to research adversary techniques using MITRE ATT&CK and easy to determine what to do about techniques you may not have defenses against. Cybereason has joined the Tidal Product Registry, which presents a visual view of our out-of-the-box detection capabilities.
With a complimentary registration to Tidal Community Edition, you can explore:
Sign up for a Tidal account and explore the platform here…
EXPLORE
Our core differentiator at Cybereason is our Operation-Centric approach. Instead of generating and surfacing individual alerts, we present a visual of the entire MalOp™ (malicious operation) from root cause across every impacted asset and user.
All of our MalOps and Suspicious Events are mapped to the MITRE ATT&CK Framework, making it easier to understand the context behind the technique, threat hunt, and pivot across data searching for behaviors.
When sharing our detections library with Tidal, we drew from all four rounds of the MITRE ATT&CK Evaluations – including our 100% prevention scores across Round 3 and 4. That is represented in the “EDR & NGAV layer” of the heatmap. Then with Cybereason XDR, we’re able to show our analytics for common IT and security technologies like Office 365, Google Workspace, Azure Active Directory, Okta, and more.
Whether you’re evaluating EDR, XDR or a Managed Detection and Response (MDR) partner, it’s increasingly important to know a vendor’s range of detection capabilities, whether it requires configuration or tuning, and what can be accomplished from a prevention or response perspective.
In the below video I am joined by Frank Duff, Tidal CIO, and Israel Barak, Cybereason CISO, for a fireside chat on the rich and ever-evolving story behind MITRE ATT&CK, how customers are maturing use of the framework, and how detections will evolve in an XDR world:
We’re very excited to launch our partnership with Tidal Cyber: check out their Community Edition and let us know how you’re mobilizing MITRE ATT&CK to track and report on your threat detection strategy.
Eric Sun is a Product Director at Cybereason, focused on helping security teams measure and improve their resilience against modern threats. Eric works closely with the Nocturnus research team and global SOCs to understand emerging attack campaigns and evolving best practices. He brings a layer of behavior analytics and risk management from his many years in Asia as a professional poker player.
All Posts by Eric Sun
While other vendors are scrambling to cherry-pick the results and spin up some clever interpretations of the MITRE ATT&CK results, Cybereason is proud to let the evaluation results speak for themselves: Cybereason demonstrated 100% Prevention, 100% Visibility, and 100% Real-Time Protection...
XDR provides security teams with comprehensive visibility across the kill chain, all without requiring security analysts and incident response teams to manually investigate a flood of individual alerts. XDR allows security trams to move detection further to the left in the kill chain to reduce dwell time and disrupt attacks earlier in the attack sequence...
