
November 24, 2020
As cloud applications and services become more and more common amongst organizations, adversaries will continue to evolve their toolset to target and penetrate cloud networks. With the rise in remote employees and teleconferencing, cloud computing for organizations has never been so important. Cloud computing can provide access to resources from all over the world, which is great for both good and bad actors. The MITRE ATT&CK Framework provides a multitude of ways to defend both cloud and on-prem infrastructures against the latest adversary tactics, techniques, and procedures (TTPs). Security teams that utilize the ATT&CK Framework will have a leg up on the bad actors and are able to measure their defenses to evolve with the constantly changing threat landscape.
MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. This library of information is used across the cybersecurity community, from the private sector to government entities. MITRE provides a visual representation of these tactics and techniques in the MITRE ATT&CK Enterprise Matrix. The tactics are ordered according to the attack lifecycle from left to right, starting with Reconnaissance and ending with Impact. Each tactic is further broken down into multiple techniques and sub-techniques, which describe the specific actions adversaries take within that tactic, with real-world examples and supporting documentation.
The vast knowledge base MITRE provides is one of the many inputs to how Sumo Logic’s Cloud SIEM content is developed. Given the amount of adversary information contained in the MITRE ATT&CK Framework, we take two main approaches when prioritizing which tactics and techniques to focus on:
To measure both our MITRE ATT&CK coverage as well as tactics and techniques seen in actual customer environments, we align all our rules to MITRE. This directly ties into our content evolution when it comes to the two approaches mentioned above.
Since the gap analysis and technique frequency are constantly evolving, it is just as important to stay up to date as MITRE releases new versions. We recently updated our “heat map” and content alignment to take ATT&CK v8 into account. Version 8, released on October 27, 2020, migrated PRE-ATT&CK into Enterprise ATT&CK, which added two new tactics to the framework: Reconnaissance and Resource Development. Our next priority for keeping our MITRE alignment current is extending it down to the sub-technique level for our Sumo Logic Cloud SIEM content.
MITRE ATT&CK is a great framework for categorization of attack tactics, techniques, and procedures. Learn more about MITRE ATT&CK and how Sumo Logic leverages it to help secure your digital transformation.
The visual outcome of using MITRE ATT&CK to develop content is producing a heat map that outlines the techniques we have low, medium, and high coverage for. This heat map is produced using MITRE’s ATT&CK Navigator tool.
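The coverage heat map and gap analysis described above can be produced mechanically once every detection rule carries its ATT&CK technique IDs. The following Python is an added example, not Sumo Logic's own tooling: the rules, the technique watchlist and the observed-frequency counts are constructed sample data, and the output follows the ATT&CK Navigator layer JSON format as the author understands it (one `techniqueID`/`score`/`comment` entry per technique plus a `gradient`), so the `versions` values are assumptions to check against the Navigator release you use.

```python
"""Build an ATT&CK Navigator coverage layer from technique-tagged detection rules.

Added example with constructed data; not Sumo Logic content. Rule counts per
technique are bucketed into low/medium/high, uncovered watchlist techniques are
reported as gaps, and frequently observed but weakly covered techniques are
ranked as the next content priorities.
"""
import json
from collections import Counter

# Constructed sample rules, each tagged with the ATT&CK technique(s) it detects.
RULES = [
    {"name": "Many failed logins for one user", "techniques": ["T1110"]},
    {"name": "Password spraying across accounts", "techniques": ["T1110.003"]},
    {"name": "New cloud account created", "techniques": ["T1136.003"]},
    {"name": "Cloud login from new geography", "techniques": ["T1078.004"]},
    {"name": "Console login without MFA", "techniques": ["T1078.004"]},
    {"name": "IAM policy attached to principal", "techniques": ["T1098"]},
    {"name": "Snapshot shared with external account", "techniques": ["T1537"]},
]

# Constructed watchlist: techniques this hypothetical team has decided it must cover.
TARGET_TECHNIQUES = ["T1110", "T1136", "T1078", "T1098", "T1537", "T1562", "T1530"]

# Constructed counts of techniques observed in monitored environments.
OBSERVED = Counter({"T1110": 40, "T1078": 25, "T1562": 6, "T1530": 3, "T1098": 2})


def parent_technique(technique_id):
    """Roll a sub-technique ID (T1110.003) up to its parent technique (T1110)."""
    return technique_id.split(".")[0]


def coverage_counts(rules):
    """Number of rules per parent technique; a rule counts once per technique it maps to."""
    counts = Counter()
    for rule in rules:
        for tid in {parent_technique(t) for t in rule["techniques"]}:
            counts[tid] += 1
    return counts


def bucket(count):
    """Map a rule count to the heat map's coverage level."""
    if count <= 0:
        return "none"
    if count == 1:
        return "low"
    if count == 2:
        return "medium"
    return "high"


def find_gaps(coverage, targets):
    """Watchlist techniques with no rule mapped to them."""
    return sorted(t for t in targets if coverage.get(t, 0) == 0)


def prioritize(coverage, observed):
    """Techniques seen in the wild with no or low coverage, most frequently observed first."""
    weak = [t for t, n in observed.items() if n > 0 and coverage.get(t, 0) <= 1]
    return sorted(weak, key=lambda t: (-observed[t], t))


def build_layer(coverage, name="Detection coverage", attack_version="8"):
    """Navigator layer: score = rule count, so the gradient renders low/medium/high."""
    techniques = [
        {"techniqueID": tid, "score": n, "comment": f"{n} rule(s): {bucket(n)} coverage"}
        for tid, n in sorted(coverage.items())
    ]
    return {
        "name": name,
        # Assumed layer/navigator version strings; adjust to the Navigator build in use.
        "versions": {"attack": attack_version, "navigator": "4.0", "layer": "4.0"},
        "domain": "enterprise-attack",
        "description": "Constructed example: detection rules mapped per technique",
        "techniques": techniques,
        "gradient": {"colors": ["#fff3c4", "#ff9e1b", "#c0392b"], "minValue": 1, "maxValue": 3},
    }


if __name__ == "__main__":
    cov = coverage_counts(RULES)
    print("gaps:", find_gaps(cov, TARGET_TECHNIQUES))
    print("next priorities:", prioritize(cov, OBSERVED))
    print(json.dumps(build_layer(cov), indent=2))
```

Sub-techniques are rolled up to their parent here because the page's alignment is still at the technique level; once rules are tagged down to sub-techniques, drop the roll-up and Navigator will shade the sub-technique rows instead. Loading the printed JSON into Navigator with "Open Existing Layer" gives the heat map; the gap and priority lists feed the two approaches the post describes.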
To learn more about Sumo Logic’s Cloud SIEM solution, check out this overview, and to see it in action I encourage you to watch this one-minute video.