May 18, 2021

SafeBreach Operationalizes New MITRE v9 Techniques and Sub-techniques

The MITRE ATT&CK® framework lays a solid foundation to get security teams speaking the same language, with a shared understanding of how threat actors operate in the wild. The SafeBreach Platform operationalizes the framework in several ways. SafeBreach’s MITRE ATT&CK heatmap mirrors the MITRE ATT&CK Enterprise Matrix, while providing context for each technique and tactic based on the simulation results from your environment. The interactive heatmap helps organizations quickly visualize their security posture, focus on the areas most in need of remediation, and bring security and infrastructure teams together to update security controls and more effectively harden defenses.

Image 1 – MITRE ATT&CK board in the SafeBreach Platform

In April 2021, MITRE announced several updates to their ATT&CK framework, including support for container attacks, and consolidation of IaaS platforms, amongst others. SafeBreach has updated the Hacker’s Playbook™ and MITRE ATT&CK board to include the new techniques and sub-techniques released by MITRE. Let’s look at how SafeBreach supports some of these product updates:

Support for New Container Attacks – MITRE’s support for container attacks is defined in the ATT&CK for Containers framework. This new framework includes 28 attack techniques and 19 sub-techniques mapped to orchestration-level and container-level adversary behavior. These new additions augment SafeBreach’s existing coverage of container attack techniques and sub-techniques, to allow for even more comprehensive mapping of container attack coverage.

Image 2 – MITRE ATT&CK board for Container Attacks

Image 3 – Container Attacks in the SafeBreach Hacker’s Playbook

Consolidation of Cloud Service Providers (IaaS) – With v9, MITRE has now consolidated attack techniques and sub-techniques for all cloud infrastructure providers (AWS, Azure, and GCP) into one attack matrix. This will allow for standardization of attack terminology across the various IaaS providers. The SafeBreach platform has been updated to include the newly defined and mapped attack techniques and sub-techniques, allowing users to better protect their organization against cloud-based attacks, regardless of their IaaS provider.

Image 4 – Cloud Attacks in SafeBreach Hacker’s Playbook

SafeBreach is continuously working to enhance its coverage of MITRE techniques and sub-techniques. If you’d like to learn more about how SafeBreach leverages the MITRE ATT&CK framework, we will be hosting a demo webinar on May 25th where our experts will share tips and tricks on how your team can operationalize the MITRE ATT&CK framework (including the updates from ATT&CK v9) to validate security policy, configuration, and efficacy. Save your seat today!

Other recommended resources related to the MITRE ATT&CK framework can be found here:
