Home News Good News for SecOps Teams! Mapping Cloud Threats to MITRE ATT&CK Gets...

Good News for SecOps Teams! Mapping Cloud Threats to MITRE ATT&CK Gets Easier

166
0
SHARE
Research Says Misconfiguration as the Primary Cloud Security Threat
SHARE

The sudden and accelerated implementation of cloud technology due to the COVID-19 pandemic can be termed as a high-risk proposition. The hurried shift towards new technologies often makes the businesses overlook the security implications and compliances associated with them. Poor configurations also create security gaps. However, cybercriminals are taking advantage of these loopholes and targeting cloud environments with customized malware, ransomware, and other types of cyberattacks.  According to  McAfee’s research, most enterprises face an average of 20 attack attempts per month on their cloud services.

Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm.

– Rajiv Gupta, Senior VP and GM, Cloud Security – McAfee

Thus, it is more essential than ever for businesses to arm their SecOps teams with a solution that enables them to manage the ‘n-number’ of security risks impacting their cloud environment. One such solution that helps the SecOps teams in mapping the cloud threats to MITRE ATT&CK, a curated knowledge base and model for noted cyber adversary behavior, is now being provided by McAfee’s MVISION Cloud.

Mapping Cloud Threats to MITRE ATT&CK

McAfee’s MVISION Cloud, a device-to-cloud cybersecurity provider has announced the integration of MITRE ATT&CK into the company’s flagship service. McAfee MVISION Cloud, also known as Cloud Access Security Broker (CASB), claims to deliver an accurate methodology to hunt, detect, and stop cyberattacks on cloud services. Being the first of its kind, this new offering from McAfee gives SecOps teams much-needed direct visibility of the source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK.

Rajiv Gupta, Senior Vice President and General Manager of Cloud Security, McAfee, said, “Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm. By translating cloud threats and vulnerabilities into the common language of ATT&CK, MVISION Cloud allows security teams to extend their processes and run books to the cloud, understand and preemptively respond to cloud vulnerabilities, and improve enterprise security.”

How This Helps SecOps Teams

The ATT&CK integration with McAfee MVISION Cloud has rendered new capabilities to the SecOps teams for mitigating cloud attack risks and vulnerabilities, which include:

  • Moving from a Reactive to Proactive Approach: It allows SecOps teams to visualize not only executed threats in the ATT&CK framework, but also potential attacks that they can stop across multiple Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) environments.
  • Break Silos: SecOps teams can now bring pre-filtered cloud security incidents into their Security Information Event Management/Security Orchestration, Automation, and Response platforms via API, mapped to the same ATT&CK framework they use for device and network threat investigation.
  • Take Direct Action: Helps in fortifying Cloud Security Posture Management (CSPM) by providing security managers with cloud service configuration recommendations for SaaS, PaaS, and IaaS environments, which address specific ATT&CK adversary techniques.

With the introduction of ATT&CK into McAfee MVISION Cloud, SecOps teams will no longer be required to manually sort and map incidents to a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time-consuming. It provides the security teams with a meaningful tool that enables them to automatically map all their threat incidents to a single framework and maintain a log of the cloud attacks that have been fully executed, and also the ones that are in progress. It also has the ability to combine incidents, anomalies, threats, and vulnerabilities into one holistic, familiar view.

SHARE

Subscribe Now to receive Free Newsletter

* indicates required


By submitting this form, you are consenting to receive marketing emails from: EC-Council, 101 C Sun Ave. NE, Albuquerque, NM, 87109, http://www.eccouncil.org. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact