One of the most important things an organization can do when considering its overall attack surface is to understand what types of threats may be coming. Of course, it is important to analyze attacks that have already happened, to learn from them and protect better in the future. But it's also important to lean on the information shared and gathered by experts in the field to know what potential threats and attacks could happen and how to better protect the entire attack surface from those threats. Fortunately, the MITRE ATT&CK Framework helps companies do just that.
When the MITRE Pre-ATT&CK Framework was released in 2017, it offered a powerful tool for helping companies get ahead of cyberattack threats. It complemented MITRE Enterprise ATT&CK because it helped companies understand not only the behaviors of attackers after they breached an enterprise, but also how to predict and thus protect against potential threats. In 2020, MITRE Pre-ATT&CK was combined with Enterprise ATT&CK to give organizations a concise format for Reconnaissance, Resource Development, and Initial Access that really works, as my colleague Jim Wachhaus wrote about previously.
MITRE’s latest contribution to its list of valuable cybersecurity resources is 11 Strategies of a World-Class Cybersecurity Operations Center, a new book that guides security operations center (SOC) operators in enhancing their digital defenses. This fully revised second edition helps SOC managers, technical leads, engineers, and analysts alike improve existing SOCs or build new ones.
An effective SOC is critical to mounting a defense against the relentlessness of bad actors and threats to a company's secured networks. The newest book merges previous releases by MITRE with practices directly related to SOC management to provide an even more comprehensive view of cybersecurity.
The book is also helpful for students and IT professionals transitioning into a SOC role. See MITRE’s press release for more information and to download the book for free.