Blog Post
March 15, 2023
As the frequency and complexity of cybersecurity threats continue to grow, it is becoming increasingly important for organizations to adopt advanced tools and techniques to protect themselves. One way to do this is by utilizing the MITRE attack framework (ATT&CK), a comprehensive taxonomy of common tactics, techniques, and procedures (TTPs) cyber attackers use to compromise information systems and steal data.
Kovrr’s model uses the MITRE attack framework to capture the core behaviors seen by both the attacker and defender during an incident. The model captures the likely objective, and the tactics and techniques used by different adversaries to achieve an action within the company. But just as important is using MITRE to capture the defenses and controls which will disrupt or break the attack chain.
By using the MITRE framework, Kovrr is able to model realistic attack behavior based on a wide base of industry expertise and experience. By mapping the MITRE framework to common control frameworks such as CIS/NIST/ISO/etc. the model can replicate the company defenses, calculating the risk reduction already achieved from investment, plus the effectiveness of any future planned investment.
Kovrr's Quantum platform breaks down the probability of specific attack vectors affecting different asset groups or types of impact. By analyzing this data with the MITRE attack framework, a CISO can identify which adversary tactics and techniques pose the greatest threat to their organization. With this information, the CISO can determine if their current security defenses are sufficient to protect against these threats, and plan the next round of security investments.
Kovrr's platform provides a comprehensive approach to cyber threat management by aligning simulated events with the MITRE attack framework and using industry-wide frequency data to inform its approach. By analyzing this data, a CISO can determine if their current security controls are preparing them to mitigate critical vulnerabilities now and in the future. If not, the CISO can take action to address these vulnerabilities and strengthen their security controls.
Kovrr's Quantum platform enables the export of all the attack vectors, allowing a CISO to use the raw data for stakeholders. By utilizing the MITRE attack framework and Kovrr's Quantum platform, a CISO can gain a clearer understanding of their risk exposure and accurately report this to executive leaders and the board. This provides the necessary information to make informed decisions about cybersecurity investments and initiatives.
Kovrr’s model uses the MITRE attack framework to capture the core behaviors seen by both the attacker and defender during an incident. The model captures the likely objective, and the tactics and techniques used by different adversaries to achieve an action within the company. But just as important is using MITRE to capture the defenses and controls which will disrupt or break the attack chain.
By using the MITRE framework, Kovrr is able to model realistic attack behavior based on a wide base of industry expertise and experience. By mapping the MITRE framework to common control frameworks such as CIS/NIST/ISO/etc. the model can replicate the company defenses, calculating the risk reduction already achieved from investment, plus the effectiveness of any future planned investment.