Integrating the MITRE ATT&CK framework for cyber resilience

MITRE ATT&CK Inside Anomali

Anomali understands the value of the MITRE ATT&CK Framework and has integrated threat intelligence capabilities that map to ATT&CK into its solutions. These capabilities help break down the complexity of cyber threat intelligence (CTI), so that threat analysis and investigations can be readily translated into effective defensive actions.

Anomali’s commitment to empowering security professionals to better identify and disrupt malicious activity has led to the integration of ATT&CK into its platform. The platform’s focus on mapping techniques to actual events is key to getting ahead of the adversary lifecycle.

Anomali prioritizes the quick identification of adversary techniques in online research such as blogs, forums, and other sources through Anomali Lens™, a unique technology that applies the ATT&CK framework automatically. Lens is the first natural language processing (NLP) based web content parser that highlights cyber threat information for further investigation. Lens scans a security report or blog, for instance, and highlights entities of interest, such as malware families, drawing on ThreatStream instances and data sources. From the resulting data, techniques shared by different malware families can be identified and used to prioritize which security controls to build.

ThreatStream®, an Anomali technology that also works with ATT&CK to unite research, analysis, and publishing tools, speeds the detection of threats and delivers operationalized threat intelligence directly into security controls. This automation provides tremendous productivity gains for security analysts and enables proactive defense measures.

Using relevant threat information to understand adversary techniques and how they are leveraged against a specific environment is another advantage of Anomali’s integration of ATT&CK. For example, if a bank sees that another financial institution has been attacked by a particular threat actor or malware family, and the security team is able to identify the attack techniques, the bank is better able to emulate that adversary in red and blue team scenarios. Another way the Anomali platform uses ATT&CK is to build visual representations of the attack techniques. Being able to visualize threat actors and their malware and map them to the appropriate techniques is a powerful tool. Effective visuals can communicate the threats being encountered or tracked up the chain of command to those with less technical background, so the organization can act on them.
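The two ideas above, ranking techniques that recur across several tracked malware families to prioritize controls, and turning that mapping into a visual layer, as an added example that is not Anomali's code. Family names and their technique sets are constructed sample data standing in for parser output; the technique IDs are real ATT&CK Enterprise IDs, and the Navigator layer field names are an assumption to check against your Navigator version.

```python
"""Rank ATT&CK techniques by how many tracked malware families use them.

Added illustration, not Anomali's code. Family names and their technique sets
are constructed sample data; the technique IDs are real ATT&CK Enterprise IDs.
"""
from collections import defaultdict

# Constructed input: the technique IDs a report parser extracted per family.
FAMILY_TECHNIQUES = {
    "sample-family-A": {"T1566", "T1059", "T1027", "T1105", "T1071"},
    "sample-family-B": {"T1566", "T1059", "T1055", "T1547"},
    "sample-family-C": {"T1059", "T1027", "T1082", "T1071"},
}


def technique_overlap(mapping):
    """Return {technique_id: sorted families using it} for every technique seen."""
    users = defaultdict(set)
    for family, techniques in mapping.items():
        for tid in techniques:
            users[tid].add(family)
    return {tid: sorted(fams) for tid, fams in users.items()}


def prioritize(mapping, min_families=2):
    """Techniques shared by >= min_families families, most shared first (ties by ID)."""
    overlap = technique_overlap(mapping)
    ranked = sorted(overlap.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(tid, fams) for tid, fams in ranked if len(fams) >= min_families]


def navigator_layer(mapping, name="Shared techniques across tracked families"):
    """ATT&CK Navigator-style layer, score = number of families using the technique.

    Field names are an assumption about the Navigator layer JSON format; verify
    them against the layer version your Navigator instance expects.
    """
    overlap = technique_overlap(mapping)
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": tid, "score": len(fams), "comment": ", ".join(fams)}
            for tid, fams in sorted(overlap.items())
        ],
    }


if __name__ == "__main__":
    for tid, fams in prioritize(FAMILY_TECHNIQUES):
        print(f"{tid}: {len(fams)} families ({', '.join(fams)})")
```

The top-ranked entries are the techniques where one control covers the most tracked threats at once; the layer can be loaded into Navigator to show the same ranking as a heatmap.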

Anomali integrates the world’s largest intelligence repository with an organization’s security telemetry to deliver extended detection and response capabilities that quickly uncover covert activity to stop attackers and help prevent breaches.