Story image

Carbon Black adds MITRE ATT&CK feeds to security products

04 Dec 18

Endpoint security company Carbon Black has announced that it delivered zero delayed detections and zero tainted detections in the MITRE Corporation's Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) assessment.

The MITRE assessment tests the ability to quickly detect specific adversary tactics and techniques as captured in the ATT&CK knowledge base.

The evaluations for this initial testing period used a MITRE-developed APT3 emulation plan on behaviour detection, telemetry and enrichment, among other elements.

In the assessment, CB Response demonstrated it could automatically detect and display adversarial behaviours without humans-in-the-loop across the entire MITRE ATT&CK Matrix, which includes: initial access, execution, privilege escalation, defence evasion, credential access, discovery, lateral movement, collection, exfiltration and command and control.

Carbon Black chief technology officer Scott Lundgren says, "We're proud to be among the initial vendors evaluated by MITRE and we're extremely proud of these results.”

"Objective, transparent and open testing is critical as a means of driving the industry forward, and the MITRE ATT&CK framework offers a critical look at how real-world attacks play out.”

MITRE evaluations program lead engineer Frank Duff says, "We're very pleased with the participation in our first round of ATT&CK-based evaluations.”

"Effective cybersecurity can't be done alone. We look forward to continued collaboration with the industry to help vendors understand their capabilities against known adversary behaviours, and empower customers to more effectively buy and deploy these security solutions."

MITRE ATT&CK threat intelligence feeds for CB Response and CB ThreatHunter

In conjunction with the assessment results, Carbon Black announced it has added MITRE ATT&CK threat intelligence feeds to CB Response and CB ThreatHunter to deliver new behaviour-based threat intelligence to customers.

Carbon Black's MITRE ATT&CK feeds combine Carbon Black's unfiltered endpoint data collection and a collection of adversary techniques to simplify threat detection and threat hunting.

The new threat feeds map directly to the various attack tactics outlined by MITRE.

"By adding ATT&CK threat intelligence feeds to Cb Response and Cb ThreatHunter, organisations now have an unfiltered view into all endpoint activity viewed through the lens of attack building blocks and behaviours noted by MITRE. We believe this results in more comprehensive and advanced threat hunting capabilities for security professionals," says Lundgren.

"The ATT&CK threat intelligence feeds directly integrate detection of ATT&CK tactics and techniques into the CB Response and CB ThreatHunter products, underscoring Carbon Black's commitment to ATT&CK and other open standards and frameworks."

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.