Threat Based Security 101

We’re all worn down by doom and gloom stories of cyber threats and compromises. The enormity of the cyber threat landscape is simply overwhelming. However, by taking a threat-based security approach to cybersecurity readiness, organizations can write a new future.

Since 99% of vulnerabilities never turn into exploits, cybersecurity programs should narrow their focus to improving performance against the techniques that adversaries are actually using. The MITRE ATT&CK framework, paired with a breach and attack simulation (BAS) tool, enables comprehensive testing of your cybersecurity systems against these adversary threats. This approach enables organizations to find and fix unknown issues before a breach occurs.
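As an added illustration of this approach (example code, not from the post or from SightGain), the script below takes a constructed set of breach-and-attack-simulation outcomes, scores them per ATT&CK tactic, and ranks the misses by kill-chain stage so the earliest gaps get fixed first. The technique IDs and names are real ATT&CK identifiers; the outcomes, the tactic order and the scoring rule are assumptions.

```python
"""Score constructed BAS results against ATT&CK tactics (added example).

Each result records one simulated technique and the outcome observed in the
defended environment: "prevented" (blocked), "detected" (ran, but alerted)
or "missed" (ran with no alert). Prevented and detected both count as covered.
"""
from collections import defaultdict

# Assumed kill-chain order, initial access through impact; earlier misses rank first.
TACTIC_ORDER = ["initial-access", "execution", "persistence", "credential-access",
                "lateral-movement", "exfiltration", "impact"]
OUTCOMES = {"prevented", "detected", "missed"}

# Constructed sample results, not real test data.
SAMPLE_RESULTS = [
    {"technique": "T1566", "name": "Phishing", "tactic": "initial-access", "outcome": "detected"},
    {"technique": "T1059", "name": "Command and Scripting Interpreter", "tactic": "execution", "outcome": "prevented"},
    {"technique": "T1547", "name": "Boot or Logon Autostart Execution", "tactic": "persistence", "outcome": "missed"},
    {"technique": "T1003", "name": "OS Credential Dumping", "tactic": "credential-access", "outcome": "detected"},
    {"technique": "T1021", "name": "Remote Services", "tactic": "lateral-movement", "outcome": "missed"},
    {"technique": "T1041", "name": "Exfiltration Over C2 Channel", "tactic": "exfiltration", "outcome": "missed"},
    {"technique": "T1486", "name": "Data Encrypted for Impact", "tactic": "impact", "outcome": "prevented"},
]


def score_by_tactic(results):
    """Return {tactic: {prevented, detected, missed, coverage}} with coverage in percent."""
    counts = defaultdict(lambda: {"prevented": 0, "detected": 0, "missed": 0})
    for r in results:
        if r["outcome"] not in OUTCOMES:
            raise ValueError(f"unknown outcome {r['outcome']!r} for {r['technique']}")
        counts[r["tactic"]][r["outcome"]] += 1
    scored = {}
    for tactic, c in counts.items():
        covered = c["prevented"] + c["detected"]
        scored[tactic] = {**c, "coverage": round(100.0 * covered / sum(c.values()), 1)}
    return scored


def ranked_gaps(results):
    """List missed techniques, earliest kill-chain stage first, as remediation order."""
    rank = {t: i for i, t in enumerate(TACTIC_ORDER)}
    misses = [r for r in results if r["outcome"] == "missed"]
    misses.sort(key=lambda r: rank.get(r["tactic"], len(TACTIC_ORDER)))
    return [f'{r["technique"]} {r["name"]} ({r["tactic"]})' for r in misses]


if __name__ == "__main__":
    for tactic, s in score_by_tactic(SAMPLE_RESULTS).items():
        print(f"{tactic:18} coverage {s['coverage']:5.1f}%  {s}")
    print("Gaps to fix first:", *ranked_gaps(SAMPLE_RESULTS), sep="\n  ")
```

Re-running the same technique set after each fix turns the per-tactic coverage into the ongoing performance measure the post argues for, rather than a one-off pen-test result.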

Tune in to part two of SightGain’s Cybersecurity Readiness Principles Series to find out how you can use the MITRE ATT&CK framework to test against the threats targeting your business. Watch the video below for a deep dive into threat-based security.

Learn More:

Cyber Readiness Approach First Principles: Cybersecurity Protection

Cybersecurity Fundamentals: The Anatomy of Cyber Defense

Cyber Readiness 101 – How to Measure Cybersecurity Performance on Production

Video Transcript

Timestamps
0:00 Intro
0:54 Readiness Approach
1:19 Focus On The Threat
1:35 The MITRE ATT&CK Framework
2:06 Challenges to Overcome
2:29 Cybersecurity Goals

We hear doom and gloom about threats and compromises all the time. Spending is up; well, the cost of compromises is going up even faster.

So what’s the good news? The good news is we know what techniques the adversaries are using and we can test against those, running a couple thousand different techniques across our systems on an ongoing basis as we learn more about what we’re doing and what the adversary is doing.

0:54 Threat-Based Security: Cybersecurity Readiness Approach

For the last 20 years, cybersecurity has been focused on patches and compliance checklists. However, the funny thing is red teams and pen test teams still get through almost 100% of the time. Why? Because cybersecurity programs are focused on the wrong things. Instead of focusing on the things we have been able to do, we should be focusing on what the adversary is actually doing, and by so doing we can dramatically increase performance by upwards of 100-200% while at the same time reducing costs.

We work with large organizations that are spending millions of dollars every year on their cybersecurity. In every single engagement, we found significant gaps in their performance because they’re simply not testing against the adversary tactics.

1:19 Threat-Based Security: Focus On The Threat

By testing against what the adversary is actually using, you can make rapid improvements and know that you’re protected against the adversary tactics that you face on a daily basis.

1:35 The MITRE ATT&CK Framework

There’s been rapid innovation over the last few years in understanding and articulating what the adversary is doing. The industry has started to settle on the MITRE ATT&CK framework. We use it because it provides a comprehensive way to articulate the techniques and understand what the adversary is doing, and where they are within the life cycle of their attack, something we call the kill chain in the military.

This framework describes how the adversary moves from the initial compromise, oftentimes a phishing email that comes in, all the way to how they get to your data or have an impact on your system as they exfil and take away the data that they’re looking for.

2:06 Threat-Based Security: Challenges to Overcome

Well, it’s easy to say, test against the techniques that are out there, make sure that you do it. It’s been a manual process until now. Some recent innovation, the breach and attack simulation marketplace, automates red-team sorts of actions. In so doing, we can map not only the techniques from MITRE ATT&CK but map those to your performance within your cybersecurity system. These tools enable comprehensive testing of your cybersecurity systems against these adversary threats.

2:29 Cybersecurity Goals

The goal of your cybersecurity program is to protect your data, your customer’s data and to continue to deliver your mission objectives. We think it’s pretty important to test against the threats and techniques that the adversary is using. And we recommend using the MITRE ATT&CK framework and automated breach and attack platforms to ensure you can comprehensively test against these techniques en masse.

Click the link below. Find out more about how we use actual adversary techniques to test the performance of your cybersecurity systems. Subscribe, ask a question, or leave a comment below. We’ll be happy to answer them.