
Hardening defenses with MITRE ATT&CK and osquery: Lessons from Singapore Health Breach

There’s a big disconnect between best-practice frameworks and the real-life nitty gritty. Many of these frameworks describe, at a high level, the principles a robust security program should embody and why those principles matter; they rarely say what specific attacker behavior a defender should anticipate when building that program, or how an attacker would actually work around those vaunted best practices. That is usually left for the security practitioner to suss out on their own, in their copious spare time.

Bridging the gap between theory and practice can be challenging even for the most seasoned security veterans, which is why we recommend enterprises take a serious look at the MITRE ATT&CK framework for guidance. 

What’s MITRE ATT&CK and why is it a useful framework? 

MITRE, well known in security circles for its vulnerability identification and threat research, built the ATT&CK framework from the real-world adversary behavior it observes and studies, which is exactly the kind of threat enterprises face every day. As a result, ATT&CK is grounded in practical, actionable detail and pairs each behavior with specific recommendations for mitigation and detection. It spans operating systems and device types, with twelve columns naming the tactics (the attacker's goal at each stage of an intrusion) most frequently used against enterprises. Each column lists the techniques attackers use to achieve that tactic, along with how each technique is carried out in practice.

[Figure: MITRE ATT&CK Framework for Enterprises]

For example, under the Privilege Escalation column, ATT&CK lists 28 possible techniques an attacker may (Read more...)
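The tactic-and-technique structure described above is not only a picture on a web page; MITRE publishes the same data as a STIX 2 bundle (the enterprise-attack.json file in the https://github.com/mitre/cti repository), which is how a defender can pull a column such as Privilege Escalation into their own tooling. The following is an added example, not code from the Uptycs post: it reads a bundle in that format, skips revoked and deprecated entries, and indexes live techniques by tactic and platform. The embedded bundle is a constructed miniature with real technique IDs and tactic names but shortened STIX ids and platform lists; the technique count per column will of course be far larger on the real file.

```python
import json
from collections import defaultdict

# Constructed miniature of the ATT&CK Enterprise STIX 2 bundle that MITRE
# publishes at https://github.com/mitre/cti (enterprise-attack.json). Only the
# fields read below are kept: technique IDs, names and tactic names are real
# ATT&CK values; STIX object ids and platform lists are shortened. In real use,
# load the downloaded bundle instead of this string.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--0", "objects": [
    {"type": "x-mitre-tactic", "id": "x-mitre-tactic--0",
     "name": "Privilege Escalation", "x_mitre_shortname": "privilege-escalation",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0004"}]},
    {"type": "attack-pattern", "id": "attack-pattern--1",
     "name": "Exploitation for Privilege Escalation",
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1068"}],
     "x_mitre_platforms": ["Linux", "macOS", "Windows"]},
    {"type": "attack-pattern", "id": "attack-pattern--2", "name": "Scheduled Task/Job",
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
         {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1053"}],
     "x_mitre_platforms": ["Windows", "Linux", "macOS", "Containers"]},
    {"type": "attack-pattern", "id": "attack-pattern--3", "name": "Process Injection",
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1055"}],
     "x_mitre_platforms": ["Linux", "macOS", "Windows"]},
    {"type": "attack-pattern", "id": "attack-pattern--4", "name": "Valid Accounts",
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
         {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"},
         {"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
     "x_mitre_platforms": ["Windows", "Linux", "macOS", "Containers"]},
    # Revoked entries stay in the bundle for history; a live matrix must skip them.
    {"type": "attack-pattern", "id": "attack-pattern--5", "name": "Scripting",
     "revoked": True,
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
         {"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1064"}],
     "x_mitre_platforms": ["Linux", "macOS", "Windows"]},
]})


def attack_id(obj):
    """Return the ATT&CK ID (T1068, TA0004, ...) from an object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack" and "external_id" in ref:
            return ref["external_id"]
    return None


def load_techniques(bundle_json, kill_chain="mitre-attack"):
    """Index live (non-revoked, non-deprecated) techniques by ATT&CK ID.

    Each entry records the tactics the technique appears under (the matrix
    columns it shows up in) and the platforms it applies to.
    """
    techniques = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern":
            continue  # tactics, groups, mitigations etc. are other object types
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = attack_id(obj)
        if tid is None:
            continue
        tactics = sorted(p["phase_name"] for p in obj.get("kill_chain_phases", [])
                         if p.get("kill_chain_name") == kill_chain)
        techniques[tid] = {"name": obj["name"], "tactics": tactics,
                           "platforms": list(obj.get("x_mitre_platforms", []))}
    return techniques


def techniques_by_tactic(techniques):
    """Invert the index: tactic (matrix column) -> sorted list of technique IDs."""
    columns = defaultdict(list)
    for tid, tech in techniques.items():
        for tactic in tech["tactics"]:
            columns[tactic].append(tid)
    return {tactic: sorted(ids) for tactic, ids in columns.items()}


def techniques_for(techniques, tactic, platform=None):
    """Technique IDs under one tactic, optionally limited to one platform."""
    return sorted(tid for tid, tech in techniques.items()
                  if tactic in tech["tactics"]
                  and (platform is None or platform in tech["platforms"]))


if __name__ == "__main__":
    techs = load_techniques(SAMPLE_BUNDLE)
    for tactic, ids in sorted(techniques_by_tactic(techs).items()):
        print(f"{tactic:22s} {len(ids):3d} technique(s): {', '.join(ids)}")
```

Two details matter when this is run against the real bundle rather than the constructed one: a technique can sit in several columns at once (Valid Accounts above appears under four tactics, so counting rows per column does not count distinct techniques), and revoked or deprecated objects are kept in the bundle and must be filtered out or the column counts will be inflated by techniques that no longer exist.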

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Maria Varmazis. Read the original post at: https://www.uptycs.com/blog/hardening-defenses-with-mitre-attck-and-osquery-lessons-from-singapore-health-breach