MITRE | Security Magazine

Items Tagged with 'MITRE'

ARTICLES

Less than 50% of companies have API security testing tools in place

August 23, 2023

A new survey highlights what application security professionals view as the top security risks related to Application Programming Interfaces (APIs).

Enterprise SIEMs miss 76% of all MITRE ATT&CK techniques used

Security Staff

June 29, 2023

According to industry analysts, the SIEM continues to be the "operating system of the SOC" and is not going away anytime soon.

Enterprise SIEMs detect fewer than 5 of the top 14 ATT&CK adversary techniques

Security Staff

May 18, 2022

Enterprise SIEMs contain detections for fewer than 5 of the top 14 ATT&CK techniques employed by adversaries in the wild.

CWE top 25 most dangerous software weaknesses

July 26, 2021

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.

MITRE Engenuity releases first ATT&CK evaluations for industrial control systems security tools

July 21, 2021

MITRE Engenuity released results from its first round of independent MITRE Engenuity ATT&CK Evaluations for Industrial Control Systems (ICS). The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Triton malware.

NSA funds development, release of D3FEND, a cybersecurity framework

June 29, 2021

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. The National Security Agency funded MITRE’s research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base.

Cybrary and MITRE announce MAD (MITRE ATT&CK Defender)

April 1, 2021

Cybrary, and MITRE Engenuity announced a partnership to offer MITRE ATT&CK Defender (MAD), a new online training and certification solution designed to enable defenders to gain the advantage over cyber adversaries.

Enterprise SIEMs unprepared for 84% of MITRE ATT&CK tactics and techniques

February 10, 2021

Organizations invest more than $3 billion annually on SIEM software and expect this investment to result in comprehensive threat coverage. However, an analysis of live SIEM deployments across select CardinalOps customers in multiple industry verticals, including healthcare and financial services, reveals that the threat coverage remains far below what organizations expect and what SIEM and detection tools can provide. Worse, organizations are often unaware of the gap between the theoretical security they assume they have and the actual security they get in practice, creating a false impression of their security posture.

Best practices in applying MITRE ATT&CK to your organizational security

Ganesh Pai

January 29, 2021

The cybersecurity industry has embraced MITRE ATT&CK for good reason: it provides security leaders and practitioners an objective, third-party standard with which to evaluate their own detection coverage and EDR solutions. But even while they recognize the value, many organizations are unsure about what specific steps they should take to fully benefit from MITRE ATT&CK.

The MITRE Corporation has a lab in the FAA-sponsored Center for Advanced Aviation System Development FFRDC

Study finds MITRE ATT&CK improves cloud security, yet security leaders struggle to implement it

October 9, 2020

McAfee and the University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) released a new research study, MITRE ATT&CK as a Framework for Cloud Threat Investigation, developed by CLTC researchers. The report focuses on threat investigation in the cloud through the lens of the most widely adopted framework, MITRE ATT&CK.