{"id":7369,"date":"2019-08-09T23:04:58","date_gmt":"2019-08-10T06:04:58","guid":{"rendered":"https:\/\/www.acalvio.com\/?p=7369"},"modified":"2019-08-09T23:04:58","modified_gmt":"2019-08-10T06:04:58","slug":"know-your-adversary-before-they-attck","status":"publish","type":"post","link":"https:\/\/acalvio.p2staging.us\/index.php\/2019\/08\/09\/know-your-adversary-before-they-attck\/","title":{"rendered":"Know Your Adversary, Before They ATT&CK"},"content":{"rendered":"

The Cyber Kill Chain<\/h3>\n

If youb\u0000\u0019re reading this blog, you likely know the basics of the cyber kill chain. You might even be able to name a few of the seven stages in the kill chain, which lays out the steps adversaries take to attack and exploit their victims. Where you might have a lot more difficulty is in explaining two things: how attackers actually execute these steps, and what youb\u0000\u0019re doing to detect and mitigate them.<\/p>\n

Too much Focus on Early Steps of the Kill Chain<\/h3>\n

At Acalvio we tend to see too much focus on the early steps of the kill chain, which detail how attackers initially get in. For example, most organizations are well-aware that phishing is a big problem, and have training and technology in place to try to deal with it. However things get dicey in the later stages, which detail how attackers establish a persistent footprint, discover sensitive data targets, and exfiltrate said data. Itb\u0000\u0019s true that certain limited technologies (e.g. endpoint detection) are gaining traction. But beyond that itb\u0000\u0019s not a pretty sight.<\/p>\n

MITRE | ATT&CK<\/h3>\n

The US Government agrees that this problem is widespread, and they tasked MITRE (the non-profit that does government-sponsored research) to tackle it. As a result, MITRE has recently published what they call ATT&CK, which is dedicated to addressing how attackers execute the post-infiltration stages of the kill chain. Crucially, ATT&CK documents exactly what tactics and techniques adversaries actually use b\u0000\u0013 itb\u0000\u0019s not a theoretical exercise. Want to know what methods you need to be able to detect and defend against? ATT&CK should be your first port of call.<\/p>\n

\"\"
\nMITRE ATT&CK focuses on the kill chainb\u0000\u0019s post-infiltration stages<\/em><\/a><\/p>\n

Acalvio ShadowPlex<\/h3>\n

Acalvio solutions were designed to handle the actual post-infiltration threats and techniques youb\u0000\u0019re likely to encounter as you try to defend your network. In fact Acalvio ShadowPlex provides capabilities relevant to 7 of the 11 tactics in the ATT&CK framework. At a high level, Acalvio delivers<\/p>\n