The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released "Decider," an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.
The MITRE ATT&CK framework is a standard for identifying and tracking adversary tactics and techniques based on observations of real-world cyberattacks, allowing defenders to adjust their security posture accordingly.
By having a common standard, organizations can quickly share comprehensive and accurate details about newly discovered or emerging threats and help blunt their effectiveness.
CISA recently published a "best practices" guide on MITRE ATT&CK mapping, highlighting the importance of using the standard.
Decider was developed in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and MITRE and was made available for free through CISA's GitHub repository.
"Today, CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework," reads a CISA announcement.
"Created in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats."
The tool walks the user through guided questions about the observed adversary activity and generates the corresponding MITRE ATT&CK mapping.
For example, a question might be "What is the adversary trying to do?" to which a possible answer is "Gain an initial foothold within the environment," which corresponds to the Initial Access tactic.
The questions continue until a sub-technique is reached for each observed behavior, or at least a technique, in case no sub-technique matches the specific activity.
The defender can use the generated MITRE ATT&CK mapping to develop targeted defensive measures, or export it in common formats and share it with others in the industry to hinder the spread of the identified threat.
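To make the guided-question flow and the export step concrete, here is an added example that is not Decider's code and not from CISA: a toy decision tree that walks an analyst's answers down to a tactic and technique (falling back to the parent technique when no sub-technique is chosen) and then serializes the resulting "cart" as an ATT&CK Navigator layer. The question wording and the tiny question bank are constructed for illustration; the technique IDs are real ATT&CK Enterprise IDs, and the Navigator version fields are an assumption you should adjust to the Navigator build you load the layer into.

```python
import json

# Constructed mini question bank (illustrative; Decider's real question set is far
# larger). Each node may carry a "tactic" (ATT&CK tactic shortname, set at the
# first question under that tactic), a "technique" (the technique or sub-technique
# reached so far), and a follow-up "question" with its possible "answers".
QUESTION_TREE = {
    "question": "What is the adversary trying to do?",
    "answers": {
        "Gain an initial foothold within the environment": {
            "tactic": "initial-access",
            "question": "How did the adversary get in?",
            "answers": {
                "Sent a phishing message": {
                    "technique": "T1566",  # Phishing
                    "question": "What did the phishing message carry?",
                    "answers": {
                        "A malicious attachment": {"technique": "T1566.001"},
                        "A link to a malicious site": {"technique": "T1566.002"},
                        "Unclear or none of the above": {"technique": "T1566"},
                    },
                },
                "Exploited a public-facing application": {"technique": "T1190"},
            },
        },
        "Run code on a compromised host": {
            "tactic": "execution",
            "question": "How was the code run?",
            "answers": {
                "Script or command interpreter": {
                    "technique": "T1059",  # Command and Scripting Interpreter
                    "question": "Which interpreter?",
                    "answers": {
                        "PowerShell": {"technique": "T1059.001"},
                        "Windows command shell (cmd.exe)": {"technique": "T1059.003"},
                        "Unix shell": {"technique": "T1059.004"},
                        "Unclear or none of the above": {"technique": "T1059"},
                    },
                },
            },
        },
    },
}


def map_activity(tree, answers):
    """Walk the tree with the analyst's answers and return (tactic, technique_id).

    Stops at the deepest node reached. If the answers run out before a
    sub-technique is chosen, the parent technique is returned; if no technique
    was reached at all, technique_id is None. An unknown answer raises
    ValueError so a typo cannot silently produce a wrong mapping.
    """
    node = tree
    tactic = node.get("tactic")
    technique = node.get("technique")
    for answer in answers:
        if "answers" not in node:
            raise ValueError(f"no further question after {technique}")
        if answer not in node["answers"]:
            raise ValueError(f"unknown answer {answer!r} to {node['question']!r}")
        node = node["answers"][answer]
        tactic = node.get("tactic", tactic)
        technique = node.get("technique", technique)
    return tactic, technique


def build_navigator_layer(mappings, name="Guided-question mapping (example)"):
    """Turn a cart of (tactic, technique_id, comment) tuples into an ATT&CK
    Navigator layer dict for the enterprise domain. Duplicate (tactic, technique)
    pairs are collapsed and unmapped observations are skipped. The version
    numbers are an assumption for a Navigator 4.8-era layer."""
    seen, techniques = set(), []
    for tactic, technique_id, comment in mappings:
        if technique_id is None or (tactic, technique_id) in seen:
            continue
        seen.add((tactic, technique_id))
        techniques.append({
            "techniqueID": technique_id,
            "tactic": tactic,
            "score": 1,
            "color": "",
            "comment": comment,
            "enabled": True,
            "showSubtechniques": True,
        })
    return {
        "name": name,
        "versions": {"attack": "13", "navigator": "4.8.2", "layer": "4.4"},
        "domain": "enterprise-attack",
        "description": "Observed adversary behavior mapped via guided questions",
        "techniques": techniques,
    }


if __name__ == "__main__":
    # Constructed sample answers, as an analyst would give them during an incident.
    observations = [
        (["Gain an initial foothold within the environment", "Sent a phishing message",
          "A malicious attachment"], "Macro-laden .docm attached to an invoice email"),
        (["Run code on a compromised host", "Script or command interpreter",
          "PowerShell"], "Encoded PowerShell child of winword.exe"),
        (["Gain an initial foothold within the environment", "Sent a phishing message"],
         "Phishing confirmed, delivery vector not yet known"),
    ]
    cart = [(*map_activity(QUESTION_TREE, answers), note) for answers, note in observations]
    print(json.dumps(build_navigator_layer(cart), indent=2))
```

The third observation shows the fallback the text describes: the analyst knows phishing was used but not how, so the mapping stops at T1566 rather than forcing a sub-technique. The printed JSON can be opened directly in ATT&CK Navigator via its "Open Existing Layer" option.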
As CISA explains in a fact sheet published alongside the release of Decider, MITRE ATT&CK mapping reports can help move to the next stages of threat response, including:
- Visualizing the findings in ATT&CK Navigator
- Sharing the findings with others by publishing threat intelligence reports
- Discovering sensors and analytics to detect those techniques
- Discovering mitigations that help prevent techniques from working in the first place
- Compiling threat emulation plans to validate defenses
CISA urges the cybersecurity community to download and use Decider and to submit feedback, bug reports, and even feature suggestions.