TEL AVIV, Israel and BOSTON, Nov. 17, 2022 /PRNewswire/ -- CardinalOps, the AI-powered detection engineering company, today announced that its security research team contributed to the development of MITRE's latest release of ATT&CK for Enterprise (v12).
The new version of ATT&CK for Enterprise contains 14 Tactics, 193 Techniques, 401 Sub-techniques, and 135 adversary Groups. CardinalOps security researcher Liran Ravich researched and documented a new sub-technique used by adversaries to bypass multi-factor authentication (MFA).
Detecting the new sub-technique, named "T1556.006: Modify Authentication Process: Multi-Factor Authentication," is an important control for implementing a zero-trust strategy. It appears in three separate tactics: Credential Access, Defense Evasion, and Persistence. Additionally, it applies to securing a range of platforms including Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, and macOS.
CardinalOps' past contributions to MITRE ATT&CK include providing "T1566.002: Phishing: Spearphishing Link" and "T1608.001: Stage Capabilities: Upload Malware." Detecting these sub-techniques is important for identifying ransomware attacks in their early stages, for example.
According to industry analyst firm ESG, 89% of organizations are now using the MITRE ATT&CK framework to reduce risk for security operations use cases, including as a guideline for detection engineering, for applying threat intelligence to alert triage, and for gaining a better understanding of adversary tactics, techniques, and procedures.
In particular, ATT&CK is an essential standard framework for implementing an adversary- and threat-informed defense, whereby SecOps experts proactively identify and prioritize new detection logic based on the adversary techniques most relevant to their organizations.
As part of SOC Modernization initiatives, this approach leverages both automation and human creativity to reduce risk. It delivers a more strategic approach to strengthening your detective posture, compared to a more reactive approach which is often driven by a host of ad-hoc and constantly-changing inputs from other teams in the organization.
"We're honored to be collaborating with MITRE to strengthen ATT&CK in new ways that help the defender community – across all organizations," said Yair Manor, CTO and co-founder of CardinalOps. "Our security research team benefits from the nation-state expertise that its members have developed during their careers. We'll continue to leverage their insights to help our customers continuously measure their detection posture and eliminate detection coverage gaps with MITRE ATT&CK as the standard underlying framework."
Most security vendors pitch you on replacing your stack or adding new monitoring tools to it. CardinalOps has a more practical approach. The CardinalOps SaaS platform uses AI and automation to address some of the biggest complexity headaches that organizations have in managing their existing SOC detection solutions and operationalizing MITRE ATT&CK, without requiring them to walk away from the significant investments they've already made in their current stacks.
Our Detection Posture Management platform continuously eliminates hidden detection coverage gaps you may not even know you have, prioritized according to your business priorities and the adversary techniques most relevant to your organization. It provides visibility into your current detection posture, with metrics and board-level reporting based on the standard MITRE ATT&CK framework. Setup takes less than an hour because there are no agents to deploy and it easily connects via the native APIs of your SIEM/XDR. What's more, it helps boost your detection engineering team's productivity 10x compared to manual processes. Learn more at cardinalops.com.
For Media Inquiries:
Nathaniel Hawthorne for CardinalOps
Lumina Communications
(661) 965-0407
[email protected]
SOURCE CardinalOps