DATA SECURITY PODCAST
In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the latest views on the MITRE ATT&CK Framework and how it can better prepare industries for future attacks. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today as President and CEO Robert E Johnson, III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cybersecurity software. Robert, so great to have you back on. Welcome.
A: Hillarie, it's great to be back on your show.
Q: So, Robert, the MITRE ATT&CK framework has been discussed quite a bit lately in terms of cybersecurity. Can you explain what the MITRE model or framework is to start off?
A: Sure, the MITRE ATT&CK model was actually developed by MITRE. Now, MITRE is a government-funded organization and this was actually created back in 2013 and ever since that point, it's been updated on a fairly regular basis. When you see the "attack" in "MITRE ATT&CK" it's actually spelled A-T-T-ampersand-C-K. So, that's an acronym for "Adversary Tactics, Techniques, and Common Knowledge," so I just kind of spin through all of those real fast just to make sure we're on the same page. So the "adversary," well that's the easy part, that's the hacker, of course. That's the entity trying to infiltrate or affect our organization. Tactics, though, those are the objectives of that adversary. What are their goals? And this MITRE ATT&CK framework outlines 14 of them. So, some examples of tactics, just to kind of level set, will be things such as privilege escalation, lateral movement, execution, command and control, and perhaps even X filtration. And then, how do we accomplish that? That's the "techniques." Techniques are the methods that are used by the adversary to achieve those tactical objectives, those goals such as lateral movement. So, you know, I think that the MITRE ATT&CK model is great because it describes several techniques for each one of those tactics. And because you can expect the hackers will use a combination in a real attack. They're going to use a combination of tactics and techniques to achieve their objectives. The ampersand is easy, of course, that just stands for "and." Then finally, it ends in CK. Now, that "CK" stands for "common knowledge" and that simply means and kind of indicates that the MITRE ATT&CK framework is really a knowledge base of all the commonly known methods to implement or leverage those techniques and tactics and what we've seen in the past.
Q: Excellent so Robert, how can organizations use this framework to evaluate current defenses within their environment?
A: Well, in a nutshell, I believe organizations can use the MITRE ATT&CK model as a way to retrospectively review all of the tactics used by our adversaries and then take a step back and reflect on their protective mechanisms or mitigating controls that they haven't placed in their own organizations.
Q: So, organizations are better able to prioritize threats that occur within this framework, that's kind of what I'm hearing, but that leads me to my next question which is can they take that a step further, can they track these threats within the framework or I guess via a software?
A: Well, I get what you're saying, but not quite. Really, this framework is not so much about tracking or prioritizing threats, but I see your angle. But it's really a tool to help you understand. You almost think of it in a 360-degree view of all the ways that your infrastructure can be exploited. And then, when you drill down into those 14 main tactics, it gives you the ability to start looking at well, what are the real techniques that they will use? Or sometimes even sub techniques that they would use. So and there's a lot there, I mean I'm sure it can feel a bit overwhelming for security engineers, just to see all the myriad of ways that these threat actors can impact organizations.
So, I think the real challenge is this. There's a lot to do here, how do I select the tools that helped me mitigate threats and toward as many of those tactics as possible. And we all know that there's no silver bullet and that no single tool and do it, I mean it's going to take a mix of tools that are specific to your organization to achieve the objectives.
So, what we've done at Cimcor is we realized when we looked at the MITRE ATT&CK model and it kind of reviewed what's really happening. We realized that many of those tactics, they all start with the change or change in the state of a system. So, we really began focusing on how do we develop a tool that can identify unexpected changes to those systems or changes in state, and detecting those changes in real-time. And providing enough information that a security engineer can perform the appropriate remediation actions. Or, in many cases, our software can really perform the remediations on behalf of the engineer, if necessary. So, our tool, CimTrak, can help you thwart over half of the tactics used by the adversaries when you overlay our capabilities, with the MITRE ATT&CK model.
So, I really believe that the MITRE ATT&CK model provides the security industry this understanding, you know, all the different angles, for which a threat may occur, and we believe that CimTrak is a great way to simplify your security stack, while simultaneously hardening your infrastructure from this myriad of adversarial attacks.
Q: Excellent. Well, Robert, as always, thank you so much for coming on the show and I'm really looking forward to next time.
A: Great, I appreciate the opportunity.
June 7, 2022