Cybersecurity First Principles #2: Threat Based Security

We’re all worn down by doom and gloom stories of cyber threats and compromises. The enormity of the cyber threat landscape is simply overwhelming. However, by taking a threat-based approach to cybersecurity, organizations can write a new future.

Since 99% of vulnerabilities never turn into exploits, cybersecurity programs should narrow their focus to improving performance against the techniques that adversaries are actually using. The MITRE ATT&CK framework, paired with a breach and attack simulation (BAS) tool, enables comprehensive testing of your cybersecurity systems against these adversary threats. This approach enables organizations to find and fix unknown issues before a breach occurs.

Tune in to part two of SightGain’s Cybersecurity Readiness Principles Series to find out how you can use the MITRE ATT&CK framework to test against the threats targeting your business. Watch the video below.

To learn more about how to improve the performance of your cybersecurity system, contact SightGain today for a demo.

Learn More

Cyber Readiness First Principles One: Be Clear on What You Are Protecting

Cybersecurity Fundamentals: The Anatomy of Cyber Defense

Cyber Readiness 101 – How to Measure Cybersecurity Performance on Production

Video Transcript


0:00 Intro

0:54 Readiness Approach

1:19 Focus on the Threat

1:35 The MITRE ATT&CK Framework

2:06 Challenges to Overcome

2:29 Cybersecurity Goals

We hear doom and gloom about threats and compromises all the time. Spending is up, while the cost of compromises is going up even faster.

So what’s the good news? The good news is we know what the techniques the adversaries are using and we can test against those, and run a couple thousand different techniques across our systems on an ongoing basis as we learn more about what we’re doing and what the adversary is doing.

0:54 Readiness Approach

For the last 20 years, cybersecurity has been focused on patches and compliance checklists. However, the funny thing is red teams and pen test teams still get through almost 100% of the time.

Why? Because cybersecurity programs are focused on the wrong things. Instead of focusing on the things we have been able to do, we should be focusing on what the adversary is actually doing, and by so doing we can dramatically increase performance by upwards of 100-200% at the same time reducing costs.

We work with large organizations that are spending millions of dollars every year on their cybersecurity. In every single engagement, we found significant gaps in their performance because they’re simply not testing against the adversary tactics.

1:19 Focus on the Threat

By testing against what the adversary is actually using, you can make rapid improvements and know that you’re protected against the adversary tactics that you face on a daily basis.

1:35 The MITRE ATT&CK Framework

There’s been rapid innovation over the last few years and understanding and articulating what the adversary is doing. The industry has started to settle on the MITRE ATT&CK framework. We use it because it provides a comprehensive way to articulate the techniques and understand how the adversary is doing, and where they are within the life cycle of their attack. Something we call the kill-chain in the military.

This framework describes how the adversary moves from the initial compromise, oftentimes a phishing email that comes in, all the way to how they get to your data or have an impact to your system as they ex-fill and take away the data that they’re looking for.

2:06 Challenges to Overcome

While it’s easy to say, test against the techniques that are out there, make sure that you do it. It’s been a manual process until now. Some recent innovation, the breach and attack marketplace, automate red team sort of actions. In so doing, we can map not only the techniques from MITRE ATT&CK but map those to your performance within your cybersecurity system. These tools enable comprehensive testing of your cybersecurity systems against these adversary threats.

2:29 Cybersecurity Goals

The goal of your cybersecurity program is to protect your data, your customer’s data, and to continue to deliver your mission objectives. We think it’s pretty important to test against the threats and techniques that the adversary is using. And we recommend using the MITRE ATT&CK framework and automated breach and attack platforms to ensure you can comprehensively test against these techniques in mass.

Click the link below. Find out more about how we use actual adversary techniques to test the performance of your cybersecurity systems. Subscribe, ask a question, or leave a comment below. We’ll be happy to answer them.