On the last day of July, MITRE released its most recent update to the ATT&CK framework. Compared to the April 2019 update, which saw a new tactic with 14 new Techniques, the July 2019 update is relatively small: it centers on restructuring Mitigation content and makes some minor updates to Groups and Software entries, with no changes to Tactics or Techniques.
Mitigations are now their own independent category instead of being annotations on individual Techniques. The consolidated 40 Enterprise Mitigations are represented, like Groups and Software, as objects and can be related to Techniques along with an annotation. For example, Compiled HTML File has two related Mitigations, Execution Prevention and Restrict Web Based Content, and Mitigations have their own field on Technique pages.
Mitigations have the same ID scheme as Mobile Mitigations (M####). As before, different Techniques can reference the same type of Mitigation with individualized annotations, but now each Mitigation has an entry that relates back to every associated Technique. Here’s Execution Prevention as an example:
This is particularly useful for seeing which Techniques are addressed by a Mitigation. It allows security professionals to understand coverage in terms of Mitigations without searching through Techniques individually.
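The Mitigation-to-Technique lookup described above can be rebuilt from ATT&CK's machine-readable data. This is an added example, not code from the original post or from MITRE. It assumes the content is consumed as a STIX 2.0 bundle, where Mitigations are `course-of-action` objects linked to `attack-pattern` objects by `mitigates` relationships whose `description` holds the annotation; the bundle below is constructed, and `index_mitigations` and `coverage` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample shaped like an ATT&CK STIX 2.0 bundle. Ids, annotation text
# and the "Constructed Technique" entries are made up for this example.
def _rel(kind, src, dst, note=""):
    return {"type": "relationship", "relationship_type": kind,
            "source_ref": src, "target_ref": dst, "description": note}

BUNDLE = {"objects": [
    {"type": "attack-pattern", "id": "attack-pattern--a1", "name": "Compiled HTML File"},
    {"type": "attack-pattern", "id": "attack-pattern--a2", "name": "Constructed Technique B"},
    {"type": "attack-pattern", "id": "attack-pattern--a3", "name": "Constructed Technique C"},
    {"type": "course-of-action", "id": "course-of-action--m1", "name": "Execution Prevention"},
    {"type": "course-of-action", "id": "course-of-action--m2", "name": "Restrict Web Based Content"},
    _rel("mitigates", "course-of-action--m1", "attack-pattern--a1", "constructed annotation 1"),
    _rel("mitigates", "course-of-action--m1", "attack-pattern--a2", "constructed annotation 2"),
    _rel("mitigates", "course-of-action--m2", "attack-pattern--a1", "constructed annotation 3"),
    _rel("uses", "intrusion-set--g1", "attack-pattern--a3"),            # not a mitigation
    _rel("mitigates", "course-of-action--m2", "attack-pattern--gone"),  # dangling reference
]}

def index_mitigations(bundle):
    """Map each Mitigation name to {Technique name: annotation}."""
    names = {o["id"]: o["name"] for o in bundle["objects"]
             if o["type"] in ("attack-pattern", "course-of-action")}
    index = defaultdict(dict)
    for o in bundle["objects"]:
        if o["type"] != "relationship" or o.get("relationship_type") != "mitigates":
            continue
        src, dst = o["source_ref"], o["target_ref"]
        if src in names and dst in names:  # skip relationships to missing objects
            index[names[src]][names[dst]] = o.get("description", "")
    return dict(index)

def coverage(bundle, deployed):
    """Return (covered, uncovered) Technique names for the deployed Mitigations."""
    index = index_mitigations(bundle)
    techniques = {o["name"] for o in bundle["objects"] if o["type"] == "attack-pattern"}
    covered = set()
    for mitigation in deployed:
        covered |= set(index.get(mitigation, {}))
    return sorted(covered), sorted(techniques - covered)

if __name__ == "__main__":
    for name, techniques in index_mitigations(BUNDLE).items():
        print(name, "->", sorted(techniques))
    print(coverage(BUNDLE, {"Restrict Web Based Content"}))
```

The uncovered list is the part worth reviewing: it names Techniques that no deployed Mitigation addresses, including ones with no Mitigation relationship at all.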
A list of all the changes can be found at https://attack.mitre.org/.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Lu. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/mitre-attck-july-2019-update/