The Value of Operationalizing MITRE ATT&CK According to Splunk With Guest Speaker From IDC

The global pandemic has fueled a rapid digital transformation and led to permanent shifts in cybersecurity. In a recent joint webinar with Bryan McAninch, senior solutions engineer at Splunk, and guest speaker Chris Kissel from IDC, "Sp(e)lunking Security with MITRE ATT&CK® featuring IDC Research," they shared seven overarching trends in cybersecurity for 2021. One notable, but foundational, trend mentioned was the need to understand risk. As home and work environments mix, it’s important to take inventory of your environment, strengthen your defenses, and understand the risks in our digital world. 

Modern security operations centers (SOCs) take this foundational step because it enables their business to reduce complexity down the line and effectively streamline and automate processes. This becomes more important than ever as IDC predicts that by 2023, the need to reduce security complexity will urge 55% of enterprises to unify their security ecosystem and platform frameworks. Frameworks like MITRE ATT&CK® allow security teams not only to investigate everyday alerts but also to respond to advanced threats, including those looming in the cloud.

The Modern SOC and MITRE ATT&CK 

Modern SOCs have many things in common, with many security teams using the MITRE ATT&CK framework to design their dashboards. The framework is based on real-world cyber-attack observations and helps teams build a narrative around an adversary’s tactics and techniques. MITRE continues to add to the framework to address emerging threats like those in the cloud, making it invaluable for organizations with hybrid and multicloud environments. 

A recent companion to the ATT&CK framework is MITRE Shield. It can be implemented for active defense within an organization and helps teams identify what to recognize, and how to respond, in the context of an adversary’s tactics and techniques. SOC teams see immense benefits in aligning their environments to MITRE ATT&CK and other frameworks, particularly when they map the framework to the data already in their environments.

Splunking Your Security with MITRE ATT&CK

Splunk and MITRE ATT&CK provide complementary solutions to a complex problem. The integration reduces complexity, enhances collaboration within security teams and validates mitigation and remediation capabilities. 

Analysts using Splunk Security Essentials, for example, apply visualization (such as a heat map) against the framework to better understand their environment based on the data that is active, available, or not yet available in their Splunk environment.

Within Splunk Enterprise Security (ES), analysts can use the MITRE ATT&CK framework in multiple ways. For example, analysts can find ATT&CK information, including technique descriptions, when reviewing incidents, and conduct timely investigations using this information with the ES case management feature. Analysts can also create ATT&CK-focused dashboards and run a quick search, categorized by the framework’s tactics and techniques, to see whether those techniques have been used against the environment.
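To make the coverage heat map idea above concrete, here is an added example (not Splunk's or MITRE's code) that scores each detection by the weakest data source it depends on, rolls the result up per technique, and counts techniques per tactic by status. The data-source inventory, detection names and technique mappings are constructed for illustration; "active", "available" and "not_available" mirror the heat-map legend described in the post.

```python
from collections import Counter
from dataclasses import dataclass

# Higher rank means better coverage: data actively ingested, data available but not
# yet onboarded, or data not available at all.
RANK = {"active": 2, "available": 1, "not_available": 0}

# Constructed inventory of log sources for a hypothetical environment (not from the page).
DATA_SOURCES = {
    "windows_security": "active",
    "sysmon": "available",          # collectable but not yet onboarded
    "cloudtrail": "not_available",  # no cloud audit logs ingested
}

@dataclass
class Detection:
    name: str
    tactic: str
    technique: str          # ATT&CK technique ID the search is mapped to
    data_sources: list
    enabled: bool = True

# Constructed detections tagged with ATT&CK tactics and technique IDs (illustrative only).
DETECTIONS = [
    Detection("Suspicious PowerShell", "Execution", "T1059.001", ["windows_security"]),
    Detection("LSASS memory access", "Credential Access", "T1003.001", ["sysmon"]),
    Detection("New cloud IAM user", "Persistence", "T1136.003", ["cloudtrail"]),
    Detection("Scheduled task created", "Persistence", "T1053.005",
              ["windows_security"], enabled=False),
]

def detection_status(det, sources=DATA_SOURCES):
    """Weakest required data source decides; a disabled search caps at 'available'."""
    status = min((sources.get(s, "not_available") for s in det.data_sources),
                 key=RANK.__getitem__)
    if not det.enabled and RANK[status] > RANK["available"]:
        status = "available"
    return status

def technique_coverage(detections=DETECTIONS, sources=DATA_SOURCES):
    """Best status achieved by any detection mapped to each technique."""
    coverage = {}
    for det in detections:
        coverage[det.technique] = max(coverage.get(det.technique, "not_available"),
                                      detection_status(det, sources), key=RANK.__getitem__)
    return coverage

def tactic_heatmap(detections=DETECTIONS, sources=DATA_SOURCES):
    """Count techniques per tactic by coverage status: the numbers behind a heat-map cell."""
    tactic_of = {d.technique: d.tactic for d in detections}
    heat = {}
    for tech, status in technique_coverage(detections, sources).items():
        heat.setdefault(tactic_of[tech], Counter())[status] += 1
    return heat
```

Passing a different `sources` inventory shows how onboarding or losing a log source shifts technique coverage without touching the detections themselves.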

Get Started Today

Splunk and the MITRE ATT&CK framework are a perfect marriage for security teams looking to bolster their security program. Analysts can easily align tactics and techniques against their defenses, gaining visibility in the process and creating an effective security incident response program. To learn more, watch the on-demand webinar and demo featuring guest speaker IDC analyst Chris Kissel and Bryan McAninch now. Ready to take action? Sign up for a free trial of Splunk Enterprise Security.

Happy Splunking!

Posted by Amy Heng