On May 18-19, the MITRE Engenuity Center for Threat-Informed Defense co-hosted an ATT&CK Workshop with Freddy Dezeure that had more than 1,800 participants representing over 75 countries from across the globe. During the workshop, we polled attendees to gain critical insights into how the ATT&CK framework is being used. Amongst what we found was that the majority of users rely on ATT&CK for detection and threat intelligence – and that much of the community is preparing for sub-technique implementation. Learn more about the poll results here. The Workshop featured 39 presentations from a wide range of ATT&CK framework users and resource developers, as well as members of the ATT&CK team at MITRE. MITRE Engenuity was honored to support this global...
MITRE Engenuity Announces ATT&CK Evaluations for ICS Vendors
Evaluations to Focus on Malware Capable of Physical Damage McLean, VA, and Bedford, MA, May 5, 2020 — MITRE’s foundation for public good, MITRE Engenuity, will conduct an ATT&CK® evaluation to assess industrial control system (ICS) cybersecurity vendors against the threat posed by Triton. This Russian-linked malware is one of the most disruptive and destructive types targeting critical infrastructure. Triton has been used to compromise industrial systems across the globe, including oil and gas and electrical plants in the Middle East, Europe, and North America. Triton targets safety systems, preventing a response to a failure, hazard, or other unsafe conditions. Triton is one of the few known malware attacks in the ICS space capable of physical destruction. The evaluations use...
APT29 ATT&CK® Evaluations Results Released
Since MITRE introduced ATT&CK in May 2015, the practitioner community has come to rely on it to enable better communications and management around cybersecurity. ATT&CK Evaluations leverages this knowledge base to provide vendors with an assessment of their capability’s ability to defend against specific adversary’s tactics and techniques, and their users with transparency around their capabilities. MITRE has just released the latest round of results for APT29. MITRE Engenuity is excited to lead the next round of evaluations Carbanak/FIN7. We will continue to build on MITRE’s established foundation as we manage the oversight of the ATT&CK Evaluation program. For additional details, contact us.
MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups
ATT&CK® Evaluations Effort to Address Threats to Financial Systems McLean, VA, and Bedford, MA, February 20, 2020 — MITRE Engenuity will assess commercial cybersecurity products against the threat posed by the groups commonly known as Carbanak and FIN7. Carbanak and FIN7 have each demonstrated the ability to compromise financial service and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally. Cybersecurity vendors may apply for an evaluation via email@example.com. The evaluations are paid for by vendors and are intended to help vendors and...
MITRE Establishes Engenuity, a Foundation to Foster Private Sector Collaboration on Critical Infrastructure
MITRE Engenuity to solve complex public challenges in cyber, 5G, and healthcare analytics McLean, Va., and Bedford, Mass., November 12, 2019 — MITRE has launched a tech foundation to advance its mission of solving problems for a safer world by working with the private sector to strengthen critical infrastructure. The foundation provides MITRE a new pathway to work with industry, academia, and other organizations beyond its work with the federal government. MITRE Engenuity is a distinct, non-profit company with a separate board of directors and private funding. “MITRE has a history of transforming cybersecurity standards, improving aviation safety, and advancing healthcare analytics through our operation of federal research and development centers,” said Jason Providakes, MITRE president and CEO. “Through...
MITRE Engenuity Announces the Center for Threat-Informed Defense
Thirteen organizations join Center as founding participants for R&D collaboration McLean, Va., November 12, 2019 — MITRE Engenuity™, a tech foundation for public good, announced today the Center for Threat-Informed Defense™, a collaboration with industry to improve cyber defense at scale through collaborative research and development. Founding Research Partners are AttackIQ, Bank of America, HCA Healthcare, and JPMorgan Chase. Founding Research Sponsors are American Express, Booz Allen Hamilton, Citi, Fujitsu, Microsoft, Red Canary, Siemens, and US Bank. The Cyber Threat Alliance joins as a founding non-profit participant. “The cybersecurity challenges that we face transcend any single organization, sector, or nation,” said Laurie Giandomenico, MITRE Engenuity CEO. “Defending against adversaries requires uniting industry across sectors to advance our abilities in threat-informed...
Interview with Richard Struse, Director, Center for Threat-Informed Defense
Hear from our Center for Threat-Informed Defense Participants
“It is a true privilege to collaborate with other leading members of the cybersecurity community and MITRE Engenuity in the Center for Threat-Informed Defense. We believe deeply in threat-informed defense and in validating those defenses using MITRE ATT&CK." Stephan Chenette, chief technology officer and co-founder of AttackIQ “CTA is proud to be a founding member of the Center for Threat-Informed Defense. While we know that certain actions can improve our collective cybersecurity, there are still problems that require research and development to get to the right answer. Since many current practices are not based on robust, empirical findings, the Center’s focused R&D efforts will help the global community address the most pressing problems.” J. Michael Daniel, president and CEO...