Cybereason and MITRE Engenuity Center for Threat-Informed Defense Announce Launch of the Attack Flow Project

Mar 3, 2022

Cybereason, the XDR company, today announced the release of the Attack Flow Project in collaboration with the Center for Threat-Informed Defense. The project seeks to develop a common data format for describing sequences of adversary behavior in order to improve defensive capabilities. The Attack Flow Project will enable the broader security community to better visualize, analyze and, most importantly, share attack sequences, their actions and the assets they impact, ultimately advancing our understanding of TTPs and how to detect them earlier and remediate against them faster.

The goal of the Attack Flow Project is to generate a machine-readable representation of a sequence of attacker actions and context, along with specific descriptive attributes of those actions and assets. The representation is composed of five main objects: the flow itself, a list of actions, a list of assets, a list of knowledge properties, and a list of causal relationships between the actions and assets.

“To help the community, we are building several tools to make working with Attack Flows easier. This includes a visualization tool, allowing users to easily communicate flows to each other and also to leadership,” said Jon Baker, Director of Research and Development at the Center. “There are a number of ways Defenders can use the Attack Flow, and it is our hope that the format becomes a standard used throughout the industry to better define use cases within threat intelligence, adversary emulation, detection, assessments, and more.”

Cybereason joined the Center as a Research Participant to conduct research and development to support further evolution of the MITRE Engenuity ATT&CK® framework, widely accepted as the foundation for a threat-informed defense approach in countering the latest techniques being leveraged by today’s most advanced threat actors. Cybereason and the Center work to provide Defenders with a deep understanding of adversary tradecraft and advances in the development of countermeasures for prevention, detection and response to complex threats.

“Defenders often have to track adversary techniques individually, meaning they can focus on only one specific activity at a time, but adversaries use complex sequences in their attack flows to hide in the network seams and avoid detection until it’s too late,” said Sam Curry, Cybereason CSO. “Being able to understand the context and correlations across those sequences by chaining together the otherwise disparate Indicators of Behavior (IOBs) allows Defenders to surface complex attacks earlier in the attack sequence and creates the opportunity to respond faster as threats are emerging.”

It is the intention of this ongoing collaboration between the Center and Cybereason that the effort will result in a significant reduction in the mean-time-to-detect (MttD) and the mean-time-to-respond (MttR) to the most complex attacks before any material damage can occur.

Cybereason is dedicated to teaming with Defenders to end attacks across the enterprise to anywhere the battle is taking place. Contact us today to learn how your organization can benefit from the Attack Flow Project.

About the Center for Threat-Informed Defense

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

About Cybereason

Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason XDR Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.

Media Contacts: 

Bill Keeler

Senior Director, Global Public Relations


(929) 259-3261