MITRE's ATT&CK Framework

The MITRE ATT&CK Framework: What You Need to Know

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen. For those who are ... Read More

Mapping the ATT&CK Framework to CIS Controls

| | FIM, SCM, Security Controls
For the better part of a decade, I have spent a good amount of time analyzing security and compliance frameworks. There is beauty to be found in every one of them. Some are very high level and leave the organization to interpret how to implement the various controls, such as ... Read More

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 1 Start small. This is going to ... Read More

20 CIS Controls – Control 2: Inventory and Control of Software Assets

Today, I will be going over Control 2 from version 7 of the top 20 CIS Controls – Inventory and Control of Software Assets. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 2 Let Control 1 be a driver ... Read More

20 Critical Security Controls: Control 4 – Controlled Use of Administrative Privileges

Today, I will be going over Control 4 from version 7 of the CIS top 20 Critical Security Controls – Controlled Use of Administrative Privileges. I will go through the nine requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 4 Get this control right. Attackers ... Read More

A Look Inside the April Update to the MITRE ATT&CK Framework

The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s better is that it provides prescriptive level guidance on how to both mitigate and detect the techniques. While ... Read More

20 Critical Security Controls: Control 5 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Today, I will be going over Control 5 from version 7 of the CIS top 20 Critical Security Controls – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways ... Read More

20 Critical Security Controls: Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs

Today, I will be going over Control 6 from version 7 of the CIS top 20 Critical Security Controls – Maintenance, Monitoring, and Analysis of Audit Logs. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 6 Logs are the ... Read More

20 Critical Security Controls: Control 7 – Email and Web Browser Protections

Today, I will be going over Control 7 from version 7 of the CIS top 20 Critical Security Controls – Email and Web Browser Protections. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 7 Why not block images from ... Read More

20 Critical Security Controls: Control 8 – Malware Defenses

Today, I will be going over Control 8 from version 7 of the CIS top 20 Critical Security Controls – Malware Defenses. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 8 Back to the basics. Install AV and run ... Read More
Loading...