MITRE ATT&CK®

From MITRE (https://attack.mitre.org/):

“MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.”

ATT&CK FAQ: https://attack.mitre.org/resources/faq/

Cybersecurity product companies evaluate their solutions against the ATT&CK framework to document the ways in which their solutions can address the various tactics and techniques it identifies. The ATT&CK framework enables organizations to identify the security solutions that can help them to most effectively mitigate the risks and vulnerabilities to their organization.  

FireMon has assessed Asset Manager against the ATT&CK framework to identify the elements most closely aligned with our capability set. As the preeminent enterprise discovery, visibility, and mapping solution, Asset Manager is not usually assessed against the ATT&CK framework as an endpoint detection and response (EDR) solution might. Rather, Asset Manager provides organizations with cyber situational awareness that better positions them to withstand targeting by an adversary.

In that context, Asset Manager functions as a proactive “auditor” of the enterprise, effectively using techniques similar to what an adversary might (e.g., active scanning of IP blocks, discovering network topology, identifying network boundary bridging). This provides organizations with visibility into their security stance and positions them to take action such as remediating a network misconfiguration or other network vulnerability (an unmanaged or rogue network infrastructure device, or inappropriate/leaking path for example), implementing or enhancing their current deployment of traditional EDR and HVM cybersecurity solutions.

For more information on our mapping of Asset Manager to the ATT&CK framework, please contact Support. c