ThreatQ Adds Support for Mobile and PRE-ATT&CK in Response to Rapid Customer Adoption
LONDON – 20th May 2019 – ThreatQuotient™, a leading security operations platform innovator, today announced that the ThreatQ™ integration with MITRE ATT&CK™ now includes support for PRE-ATT&CK and Mobile. Together with Enterprise ATT&CK, the three-pronged framework creates an end-to-end attack chain that examines and assesses an adversaries’ actions. Since first integrating with MITRE ATT&CK in early 2018, ThreatQuotient has helped customers integrate the framework in their workflows to achieve a holistic view of their organisation’s specific attack vectors and what needs to be done to effectively defend against adversaries.
Attacks are happening with increasing velocity, and the average cost of a data breach has risen to $3.86 million, according to the 2018 Cost of a Data Breach Study by Ponemon. As more organisations begin to accept the likelihood that they will be breached, the security industry is placing greater emphasis on technologies, tools and processes to accelerate detection and response. However, this is not always done with collaboration in mind. When combined, the ThreatQ platform and MITRE ATT&CK framework enables expansive and shared understanding across teams and technologies, allowing faster response when an event occurs.
“Every organisation can derive value from the MITRE ATT&CK framework to measure, improve and extend the capabilities of their security operations. To yield the greatest success, security teams should use the framework to have a complete understanding of what they are trying to protect against,” says Ryan Trost, CTO & Co-founder at ThreatQuotient. “Whether mapping the attack tactics or techniques against your defenses to more accurately assess your risk posture; connecting active adversaries to their own respective TTPs to ensure internal battle cards are accurate and distributed; or simply gauging your organisation’s higher probability threat risk areas and providing your red team better ‘real world’ objectives ThreatQ’s integration of the ATT&CK framework provides teams an out-of-the-box capability. As an organisation’s capacity to use ATT&CK data evolves, the ability to dig deeper into the framework will allow a company to gain even greater value...but at their own pace. This is great for the industry and will hopefully play a cornerstone role as organisations defend themselves against attacks.”
“The MITRE ATT&CK knowledge base provides a common language for the cybersecurity community to use when describing adversary behaviors,” said Katie Nickels, MITRE ATT&CK Threat Intelligence Lead. “We continue to be inspired by the ways the entire community is using ATT&CK to improve their defenses.”
ThreatQuotient has long believed that the ability to accelerate security operations starts with having a thorough and proactive understanding of the actors, campaigns and TTPs targeting an organisation. There are three main ways an organisation can use the integration of ThreatQ and MITRE ATT&CK to their advantage:
1. Reference and Data Enrichment
Aggregate data from the framework into ThreatQ and search for adversary profiles to answer questions like: Who is this adversary? What techniques and tactics are they using? What mitigations can I apply? Security analysts can use the data from the framework as a detailed source of reference to manually enrich their analysis of events and alerts, inform their investigations and determine the best actions to take depending on relevance and sightings within their environment.
2. Indicator or Event-Driven Response
Use ThreatQ to correlate data from the ATT&CK framework with incidents and associated indicators from inside the organisation’s environment. Security analysts can then automatically prioritise based on relevance to their organisation and determine high-risk indicators of compromise (IOCs) to investigate. With the ability to use ATT&CK data in a more simple and automated manner, security teams can investigate and respond to incidents and execute appropriate courses of action for more effective detection and more efficient threat hunting.
3. Proactive Tactic or Technique-Driven Threat Hunting
Pivot from searching for indicators to taking advantage of the full breadth of ATT&CK data. Threat hunting teams can take a proactive approach, beginning with the organisation’s risk profile, mapping those risks to specific adversaries and their tactics, drilling down to techniques those adversaries are using and then investigating if related data have been identified in the environment. For example, they may be concerned with APT28 and can quickly answer questions including: What techniques do they apply? Have I seen potential IOCs or possible related system events in my organisation? Are my endpoint technologies detecting those techniques?
ThreatQuotient’s Neal Humphrey, Threat Intelligence Engineer Director, North America, will host a webinar on May 22, 2019 at 2:00pmET to discuss best practices for applying the MITRE ATT&CK framework effectively and making it actionable. Registration and more information about the webinar, Combating Trisis with MITRE ATT&CK Framework, can be found here: https://www.threatq.com/mitre-webinar-na/.
ThreatQuotient’s mission is to improve the efficiency and effectiveness of security operations through a threat-centric platform. By integrating an organisation’s existing processes and technologies into a single security architecture, ThreatQuotient accelerates and simplifies investigations and collaboration within and across teams and tools, supporting multiple uses cases including incident response, threat hunting, and serving as a threat intelligence platform. Through automation, prioritisation and visualisation, ThreatQuotient’s solutions reduce noise and highlight top priority threats to provide greater focus and decision support for limited resources. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe and APAC. For more information, visit https://threatquotient.com.