Information Security News mailing list archives
Experts advocate for 'ATT&CK' as go-to framework to share threat intel
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 24 Oct 2018 05:40:28 +0000 (UTC)
https://www.cyberscoop.com/mitre-attck-framework-experts-advocate/
By Zaid Shoorbajee
cyberscoop
OCT 23, 2018
Different cybersecurity companies have their own unique ways of talking about the threats they track. That can be frustrating when they need to share critical information about APT28, Fancy Bear, Sofacy or STRONTIUM -- all of which are names used by different companies for one prominent Russian hacking group.
Experts say that the "ATT&CK" framework -- a model for organizing detailed information about how a threat group behaves -- has been gaining in popularity and helping organizations share threat intelligence.
MITRE Corp., a federally funded nonprofit organization that manages public-private technology partnerships, started developing ATT&CK in 2013. The group says the framework has ballooned into a popular way for people performing different roles in cybersecurity to speak the same language. MITRE held its first ever ATT&CKcon on Tuesday in McLean, Virginia, where various vendors convened to discuss how the framework has streamlined their practice of threat intelligence sharing.
ATT&CK provides defenders with spreadsheet-style matrices that structure the way one can talk about an attacker’s tactics, techniques and procedures (TTP). The tables include different observable methods of persistence, exfiltration, lateral movement and other granular pieces of information.
[...]