Prevent Breaches: The CyCognito Platform and MITRE ATT&CK 


The CyCognito platform finds the most critical exposed risks in an organization’s attack surface so that organizations can preempt attacks. This aligns well with a number of foundational steps in security frameworks. As an example, shown here is how the CyCognito platform contributes significantly to the Reconnaissance and Resource Development tactics of the MITRE ATT&CK Matrix, and also extends into other tactics of the Matrix.

How this Interactive Graph Works

This interactive graphical map of the MITRE ATT&CK Matrix shows where the capabilities of the CyCognito platform simulate or otherwise address ATT&CK tactics, techniques, and sub-techniques.

ORANGE = CyCognito maps significantly to the technique or sub-technique
YELLOW = CyCognito offers a complementary, incidental, or ancillary mapping
HOVERING = provides a pop-up with additional details about how CyCognito achieves/complements these objectives

How The Table Works

The table is organized by tactic, with subordinate techniques and sub-techniques. As you mouse over each technique, informative text about CyCognito platform capabilities is shown. Clicking on the comment box of a technique provides links to the tactic or technique on the MITRE website for reference.

The first ATT&CK Matrix tactic, Reconnaissance, is heavily related to initially identifying a target or targets and is almost entirely outside a defender’s ability to detect due to its very nature. However, by using the CyCognito platform to map an attack surface and its risks, the Reconnaissance techniques and sub-techniques are effectively “simulated” and the results provided to defenders. 

Similarly, the CyCognito platform itself represents the ATT&CK Matrix Resource Development tactic. CyCognito has done the work of resource development and uses that intelligence to execute reconnaissance and detect risks. The platform also detects exposures that map to tactics later in the MITRE ATT&CK framework, such as Initial Access, Execution, Persistence, Privilege Elevation, Defense Evasion, Credential Access, Discovery, Lateral Movement, and Collection.

Although most of the last-stage ATT&CK Matrix tactics and techniques may not be detected by the CyCognito platform because they involve observing attack activity rather than risks, the platform can still provide important insights. Using the CyCognito platform to map, classify and security-test your attack surface, you will be informed where Initial Access, Execution and other tactics are likely to be used by attackers as a “path of least resistance,” or entry point for attack because of unintended exposures in your extended IT ecosystem. By strengthening your security posture and moving testing “to the left” in the MITRE ATT&CK Matrix, you decrease your chances of suffering a breach.


How We Did Our Mapping

When you view your attack surface in the CyCognito platform, you are seeing your attack surface as a sophisticated attacker would. So, to determine where the platform aligned with the MITRE ATT&CK Matrix’s standardized tactics and techniques, we simply asked the question:

“As a user of the CyCognito platform, am I able to see the same or very similar information that an attacker could obtain using this ATT&CK technique?”  


About MITRE ATT&CK

The MITRE ATT&CK® Matrix is a free and open knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. Organizations can use the ATT&CK Matrix in conjunction with security tools to identify indications of ongoing attacks in their networks.  

About MITRE PRE-ATT&CK

MITRE previously created and maintained a separate ATT&CK Matrix known as the PRE-ATT&CK Matrix to highlight tactics and techniques attackers would use in the earliest phases of attack planning. MITRE has subsequently folded PRE-ATT&CK tactics and techniques into the ATT&CK Matrix, primarily in the Reconnaissance and Resource Development categories.