TrustedSec utilizes an intelligence-driven, threat-focused approach to study intrusions from an adversary’s perspective.
TrustedSec is able to make a comprehensive evaluation of defense technologies, processes, and policies against a common enterprise adversary model. Reviewing tools in reference to pre- and post-compromise techniques brings greater awareness of what actions may be seen during a network intrusion and/or breach of business-critical data. This results in resiliency, which is the defender’s primary goal when faced with persistent adversaries that are continually evolving.
TrustedSec’s unique approach will assist in establishing how well an organization’s current arsenal of security tools should be able to detect known attack techniques, reducing the likelihood of an adversarial breach.
Under the MITRE Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK™) framework, both protective and detective tools, along with the data sources they monitor, are reviewed against the individual techniques the framework documents. The ATT&CK framework is a model for describing the actions an adversary may take while operating within an enterprise network, in addition to being an active repository of known threat actors and associated targets and techniques.
Benefits of a MITRE ATT&CK™ Path Coverage Review:
- Determine tool coverage and gaps in defense strategies
- Provide alternatives showing overlap in defense strategies whereby tools can be reduced or eliminated, saving money and effort as technology evolves
- Align monitoring and detection capabilities so the organization is focused on the appropriate areas of the network
- Increase resiliency as adversaries continually adapt their operations over time
- Connect countermeasures, weaknesses, and adversaries for a fuller picture
- Prioritize future tool development and/or acquisition efforts