What is MITRE ATT&CK and How Can it Help Your Security?

"Language shapes the way we think and determines what we can think about." - Benjamin Lee Whorf, Famed Linguist on the Sapir-Whorf Hypothesis


MITRE ATT&CK Shapes How Security Professionals Think About Security


While linguistic theory typically focuses on natural languages and their impact on human thought, a parallel can be drawn to how security professionals describe and share knowledge to combat adversary tactics, techniques, and procedures - the language of cybersecurity attacks. With this perspective, many practitioners within the security industry advocate for a common language to describe the cybersecurity threats faced by organizations every day. The language used to describe these threats would significantly shape the way we think and determine how we approach a holistic defense. In recent years, the MITRE ATT&CK framework has increasingly become that common language. It has gained significant influence over how modern security teams describe threat actor capabilities and subsequently translate defensive ideas into action. In our experience building Red Cloak™ TDR, we have found significant benefits in leveraging the ATT&CK framework language to drive innovation and develop our security analytic platform. Participating in the 2019 MITRE ATT&CK Evaluation of Red Cloak TDR advanced that goal one step further by teasing out some additional opportunities that our platform could leverage to keep our customers more secure.


2019 MITRE ATT&CK Evaluation Shines a Light...


MITRE launched the framework for ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) in 2015 to codify a common language to describe adversary actions. Today, many organizations are adopting the ATT&CK framework to better understand their coverage and explain their security program strategy. Similarly, most commercial security product vendors have shifted towards using ATT&CK to describe how they might best fi ..
