Articles about MITRE

The CVE (Common Vulnerabilities and Exposures) database is widely used across many cybersecurity tools, allowing the tracking of vulnerabilities.

The CVE program has been in existence for 25 years but today MITRE -- the non-profit organization which looks after the database -- has announced that its contract with the US Department of Homeland Security to operate the CVE Program hasn't been renewed.

Continue reading →

Threat intelligence is critical to protection efforts, but businesses often struggle with effective management and correlation of this data to help prioritize their efforts.

We spoke to Richard Struse, chief technology officer and co-founder of Tidal Cyber, to discuss the challenges presented when organizations scramble to update systems that aren’t actually vulnerable or stop threats that would essentially have no impact on their business.

Continue reading →

Security information and event management (SIEM) systems used by enterprises only have detections for 38 (19 percent) of the 201 techniques covered in the MITRE ATT&CK v14 framework according to a new report.

CardinalOps analyzed more than 3,000 detection rules, 1.2 million log sources and hundreds of unique log source types from real-world SIEM instances across Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic.

Continue reading →

Amid a tumultuous 2023 marked by economic anxieties and rising geopolitical tensions, threat actors seized the opportunity to weaponize fear and uncertainty. While ransomware trends had previously ebbed and flowed, experiencing a 23 percent decrease in just the first half of 2022, they took a shocking turn in 2023, skyrocketing by a staggering 95 percent.

We spoke with Andrew Costis, chapter leader of the Adversary Research Team at AttackIQ, to discuss why ransomware has taken headlines by storm and how the industry can empower security teams with the tools to fight back.

Continue reading →

On average, organizations' response time to cyber attacks improved by around a third -- from 29 to 19 days -- from 2021 to 2022.

The report from Immersive Labs suggests this improvement can be attributed to the urgency and need for fast response times amid the fallout of the Log4j crisis and other high-profile vulnerabilities over the past year.

Continue reading →

Cloud misconfiguration is a critical issue as it amplifies the risk of data breaches and unauthorized access. But new research from Qualys shows that many cloud deployments on major platforms are failing Center for Internet Security (CIS) benchmarks.

The report finds that on average, 50 percent of CIS Benchmarks are failing across the major providers. The average fail rate for each provider is 34 percent for AWS, 57 percent for Azure, and 60 percent for Google Cloud Platform (GCP).

Continue reading →

Security information and event management systems (SIEMs) are missing detections for 76 percent of MITRE ATT&CK techniques that adversaries use to breach their environments, according to a new report.

Produced by CardinalOps, the study analyzes real-world data from production SIEMs -- including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic -- covering more than 4,000 detection rules, nearly one million log sources, and hundreds of unique log source types.

Continue reading →

Cyberattacks are increasingly a feature of everyday life, yet many companies remain unaware of their teams' true readiness to defend against them.

Cyber defense specialist RangeForce is launching a new Defense Readiness Index (DRI), a pioneering scoring system which gauges an organization's readiness to effectively respond to the cyberattacks it is likely to face.

Continue reading →

Threat hunting takes a proactive approach to identifying the security issues an organization might face. But since it tends to be based on intelligence about current threats it can overlook new ones.

Now though Trustwave has enhanced its Advanced Continual Threat Hunting platform, offering resulting in a three times increase in behavior-based threat findings that would have gone undetected by current Endpoint Detection and Response (EDR) tools.

Continue reading →

Enterprise Security Information and Event Management (SIEM) tools are detecting fewer than five of the top 14 MITRE ATT&CK techniques employed by adversaries in the wild, according to a new report.

Analysis by AI-powered detection engineering company CardinalOps also shows SIEMs are missing detections for 80 percent of the complete list of 190+ ATT&CK techniques.

Continue reading →

A new multi-vector endpoint detection and response (EDR) solution from Qualys aims to reduce the risk of compromise with vulnerability management and patching all from a single agent.

Traditional EDR solutions still focus solely on endpoint activity to detect attacks and incorporate only MITRE ATT&CK techniques -- not tactics. This means security teams are forced to rely on additional tools to strengthen their risk management.

Continue reading →

A new report produced by MITRE Engenuity and Cybersecurity Insiders seeks to understand the current state of managed services security.

It finds that while 68 percent of respondents use MSSP/MDR solutions to fill security gaps, a worrying 47 percent are not confident in the technology or the people. Also 44 percent are not confident in the managed services security processes.

Continue reading →

New analysis of more than 200,000 malware samples by Picus Security, a pioneer of Breach and Attack Simulation (BAS) technology, looks at attacker behavior over the last 12 months.

The 2021 Red Report highlights the top 10 most widely seen attack techniques and demonstrates how cybercriminals have shifted towards ransomware over the last year.

Continue reading →

Enterprises invest billions annually on SIEM (Security Information and Event Management) software and expect this investment to result in comprehensive threat coverage.

But a new report from AI-powered threat coverage platform CardinalOps shows that on average SIEM deployment rules miss 84 percent of the techniques listed in MITRE ATT&CK.

Continue reading →

The MITRE ATT&CK framework is now used by many organizations to help them understand and counter threats. Less well known is the latest addition, MITRE Shield.

We spoke to Carolyn Crandall, chief deception officer and CMO at Attivo Networks to find out more about how this can be used along with MITRE ATT&CK to better address adversaries.

Continue reading →