The US Cybersecurity and Infrastructure Security Agency (CISA) has launched Decider, a free tool to help the cybersecurity community more easily map threat actor behavior to the MITRE ATT&CK framework.
Created in partnership with the US Homeland Security Systems Engineering and Development Institute (HSSEDI) and MITRE, Decider is a Web application that organizations can download and host within their own infrastructure, thus making it available to a range of users via the cloud. It's meant to simplify the often onerous process of using the framework accurately and effectively, as well as open up its use to analysts at every level in a given cybersecurity organization.
ATT&CK: A Complex Framework
ATT&CK is designed to help security analysts determine what attackers are trying to achieve and how far along they are in the process (i.e., are they establishing initial access? Moving laterally? Exfiltrating data?). It does this via a set of known cyberattack techniques and sub-techniques, determined and refreshed periodically by MITRE, that analysts can map onto what they might be seeing in their own environments.
The goal is to anticipate the bad guys' next moves and shut down attacks as quickly as possible. The framework can also be incorporated into a variety of security tools, and it provides a standard language for communicating with peers and stakeholders during incident response and forensic investigations.
That's all well and good, but the problem is that the framework is notoriously complex, often requiring a high level of training and expertise to select the correct mappings, for instance. It also continually expands, including beyond en ..