2022-08-16

Security teams are struggling to keep pace with the changes in their networks: hybrid work, multi-cloud, the explosion of IoT and BYOD devices, and 5G. Meanwhile, cybercriminals have been undergoing their own digital transformation. Machine learning and agile development, new sophisticated attacks, and Dark Web crime-as-a-service offerings mean that attacks are faster, harder to detect, and better at finding and exploiting vulnerabilities. A recent FortiGuard Labs threat report showed that ransomware increased tenfold in the last year, and threat trends continued to evolve over the year with no sign of slowing down.
Understanding the MITRE Attack Chain
Effectively defending against cyberattacks today requires security teams to work smarter rather than harder. Cybercriminal strategies target every link in an attack chain, from gathering information and gaining access, to moving laterally across the network to discover resources to target, to evading detection while exfiltrating data. Traditional security strategies, however, tend to only focus on a handful of attack components, which gives criminals a significant advantage.
To address today’s challenges, security teams need a combination of tools, strategy, automation, and skilled professionals to monitor the entire attack chain and automate as much of the process as possible so that human resources can be focused on higher order analysis and response. Choosing such tools, however, requires understanding the entire length of the attack chain and how vulnerabilities in each of its links can compromise the security of your network.
To assist with this, MITRE has mapped the attack chain into fourteen discrete links, along with examples of the types of attacks that target each link in that chain. To effectively counter today’s advanced threats, security teams need to familiarize themselves with each link in the chain and map them directly to functional areas and tools within their networks.
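The mapping the post recommends, linking each of the fourteen ATT&CK Enterprise tactics to the detection rules and tools that cover it, is easiest to reason about once it is written down and checked mechanically. The following is an added example, not code from the original post or from Fortinet: it lists the published ATT&CK Enterprise tactic IDs and names in attack-chain order, tags a constructed sample rule set with the tactics each rule covers, and reports which links have no coverage at all and which functional area (EDR, NGFW, email gateway) each link currently depends on. The rule names, sources and tags are constructed for illustration.

```python
"""Map constructed detection rules onto the fourteen MITRE ATT&CK Enterprise
tactics and report which links of the attack chain have no coverage.

Tactic IDs and names are the published ATT&CK Enterprise tactics; the rules
below are constructed samples, not a real rule set (added example)."""

# The fourteen ATT&CK Enterprise tactics, in attack-chain order.
TACTICS = [
    ("TA0043", "Reconnaissance"),
    ("TA0042", "Resource Development"),
    ("TA0001", "Initial Access"),
    ("TA0002", "Execution"),
    ("TA0003", "Persistence"),
    ("TA0004", "Privilege Escalation"),
    ("TA0005", "Defense Evasion"),
    ("TA0006", "Credential Access"),
    ("TA0007", "Discovery"),
    ("TA0008", "Lateral Movement"),
    ("TA0009", "Collection"),
    ("TA0011", "Command and Control"),
    ("TA0010", "Exfiltration"),
    ("TA0040", "Impact"),
]

# Constructed detection rules: name, the tool or functional area that produces
# the signal, and the tactic IDs the rule is tagged with.
SAMPLE_RULES = [
    {"name": "phishing_attachment_blocked", "source": "email gateway", "tactics": ["TA0001"]},
    {"name": "office_spawns_shell", "source": "EDR", "tactics": ["TA0002"]},
    {"name": "new_scheduled_task", "source": "EDR", "tactics": ["TA0003", "TA0004"]},
    {"name": "lsass_memory_read", "source": "EDR", "tactics": ["TA0006"]},
    {"name": "smb_lateral_admin_share", "source": "NGFW", "tactics": ["TA0008"]},
    {"name": "beacon_periodic_dns", "source": "NGFW", "tactics": ["TA0011"]},
    {"name": "large_outbound_transfer", "source": "NGFW", "tactics": ["TA0010"]},
]


def coverage(rules, tactics=TACTICS):
    """Return {tactic_id: sorted rule names} for every tactic, with an empty
    list for each tactic no rule covers. Unknown tactic IDs are rejected so a
    typo in a tag cannot silently look like coverage."""
    by_tactic = {tid: [] for tid, _ in tactics}
    for rule in rules:
        for tid in rule["tactics"]:
            if tid not in by_tactic:
                raise ValueError(f"{rule['name']}: unknown tactic {tid}")
            by_tactic[tid].append(rule["name"])
    return {tid: sorted(names) for tid, names in by_tactic.items()}


def gaps(rules, tactics=TACTICS):
    """Names of tactics with no detection rule at all, in chain order."""
    cov = coverage(rules, tactics)
    return [name for tid, name in tactics if not cov[tid]]


def sources_per_tactic(rules, tactics=TACTICS):
    """{tactic_id: set of tools}: which functional area each link relies on,
    which exposes links that depend on a single tool."""
    out = {tid: set() for tid, _ in tactics}
    for rule in rules:
        for tid in rule["tactics"]:
            if tid in out:
                out[tid].add(rule["source"])
    return out


def report(rules, tactics=TACTICS):
    """One line per tactic: ID, name, contributing tools, covering rules."""
    cov = coverage(rules, tactics)
    srcs = sources_per_tactic(rules, tactics)
    lines = []
    for tid, name in tactics:
        status = ", ".join(cov[tid]) if cov[tid] else "NO COVERAGE"
        tools = ", ".join(sorted(srcs[tid])) or "-"
        lines.append(f"{tid} {name:<22} [{tools}] {status}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_RULES))
    print("\nUncovered links:", ", ".join(gaps(SAMPLE_RULES)))
```

Run against the constructed rules, the report shows six links with no coverage (Reconnaissance, Resource Development, Defense Evasion, Discovery, Collection, Impact) and shows that Lateral Movement, Command and Control and Exfiltration all rest on the NGFW alone; both findings are the kind of input the tool-selection discussion in the post needs.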
Understanding and Implementing The Fourteen Discrete “Links”
Work Smarter by Utilizing the MITRE Attack Chain
Addressing the entire attack chain needs to be combined with understanding how the network functions, including the impact that future business requirements will have on the network. Mapping those functions to the attack chain allows security teams to think comprehensively about security threats.
Breaking security down into the fourteen MITRE attack chain links has two goals.
At the same time, consistency in security policy implementation and enforcement across different network ecosystems is critical. For example, you should deploy the same NGFW solution in every part of your network, whether physical or virtual. This ensures that security protocols and enforcement are applied consistently and that you can monitor and manage your systems through a single central console.
Approaching Security Strategically
Of course, this strategic approach may require radically rethinking your security deployment. Tools have to be fully integrated so that the network can identify and address security threats as a unified system. A self-healing network requires security devices to share and correlate threat intelligence to identify and monitor every device, track applications, detect malware, isolate infected devices, and coordinate responses across a wide variety of network ecosystems, from multi-cloud infrastructures, platforms, and applications, to remote workers and IoT devices, to next-gen branch offices connected to the cloud and physical resources through Secure SD-WAN. Threat intelligence and response also need to be driven into each link in the MITRE attack chain. And where possible, AI and machine learning need to be applied so that your integrated security fabric can respond to threats at digital speeds while human resources provide critical supervision.
The MITRE Attack Chain to Shift Proactive Thinking
A breach resulting in the loss of data can occur in minutes or hours. And yet, it can take weeks or months for most security breaches to be detected. By that time, the perpetrators and your data are long gone. The only way to get out in front of this challenge is to change from a traditional tactical approach that relies on isolated legacy security tools to an integrated strategy that enables you to see and control your entire networked environment, link by link, to identify anomalous behavior and automatically thwart attackers before they can progress further up the attack chain.
This is a partnered post.