McAfee announced the introduction of MITRE ATT&CK®
July 2020 by Marc Jacob
McAfee announced the introduction of MITRE ATT&CK® into McAfee MVISION Cloud, the company’s cloud access security broker (CASB), delivering a precise method to hunt, detect and stop cyberattacks on cloud services. This new integration gives security operations center (SOC) analysts a direct source of cloud anomalies and threats mapped to the tactics and techniques of ATT&CK. McAfee is the first CASB provider to tag and visualize security events with ATT&CK.
According to data from McAfee threat research, most enterprises face an average of 20 attack attempts per month on their cloud services. The ATT&CK integration brings cloud attacks into focus and provides the opportunity to identify gaps in protection and make policy and configuration changes directly from McAfee MVISION Cloud.
The ATT&CK integration with McAfee MVISION Cloud introduces new capabilities to mitigate the risk of cloud attacks, including the ability to:
• Break Silos: Security operations center (SOC) teams can now bring pre-filtered cloud security incidents into their Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms via API, mapped to the same ATT&CK framework they use for device and network threat investigation.
• Advance from Reactive to Proactive: McAfee MVISION Cloud allows SOC analysts to visualize not only executed threats in the ATT&CK framework, but also potential attacks they can stop across multiple Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service environments.
• Take Direct Action: McAfee MVISION Cloud now takes Cloud Security Posture Management (CSPM) to a new level, providing security managers with cloud service configuration recommendations that address specific ATT&CK adversary techniques.
With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer a need to manually sort and map incidents to a framework like ATT&CK, which can be cumbersome and time-consuming, especially as cloud-native threats become more abundant. Security teams using MVISION Cloud now have all of their threat incidents automatically mapped to ATT&CK. This lets them see all cloud attacks that have been fully executed, see attacks in progress so they can take action, and combine incidents, anomalies, threats and vulnerabilities into one holistic, familiar view.