D3 Security Creates First Proactive Response Platform Using MITRE ATT&CK Framework

By Walker Banerd July 24, 2019 news

VANCOUVER, British Columbia–D3 Security, an innovator in security orchestration, automation and response (SOAR) technology, has released ATTACKBOT, a unique solution that utilizes the MITRE ATT&CK framework to identify and address the entire kill chain of complex attacks. ATTACKBOT is a significant enhancement to existing SOAR capabilities that allows organizations to predict attacker behavior and focus remediation efforts effectively for more conclusive incident response. ATTACKBOT streamlines the identification of incidents by allowing security teams to monitor attack progress in real time, correlate incidents with known adversary behaviors, and take appropriate action with the assistance of decision-tree-based playbooks.

ATTACKBOT delivers proactive intervention against ongoing attacks by treating every event as a link in a large chain of adversarial intent instead of solely isolated incidents. By enabling visualizations of what the attack is and how far it has progressed, organizations are able to proactively intervene before the kill chain is complete.

“As Sherlock Holmes once said, ‘There is a strong family resemblance about misdeeds, and if you have all the details of a thousand at your finger ends, it is odd if you can’t unravel the thousand and first.’ This is exactly what we are doing with ATTACKBOT,” said Gordon Benoit, President of D3 Security. “By embedding the entire MITRE ATT&CK framework, we are now able to use MITRE’s database of thousands of past attacks to assess current actions. If you uncover one step in the attack, you can predict the next one. Phishing investigations are just one of the many use cases where this rings true.”

According to the recent 2019 Verizon Data Breach Investigations Report, phishing is involved in nearly a third (32%) of all data breaches and 78% of cyber-espionage incidents. ATTACKBOT enhances phishing investigations by actively searching for steps that an adversary might take after a successful phishing attempt, such as credential dumping or querying the system registry. Rather than a SOC analyst sorting through hundreds of events to determine which computer on a network of thousands has been compromised, ATTACKBOT correlates the relevant events, narrows down the list of potentially compromised computers, and analyzes logs for evidence of compromise. Through the MITRE ATT&CK framework, ATTACKBOT can identify an adversary’s techniques and continuously survey across the D3 database and other SOAR integrations to find other traces of the kill chain.

Empowering organizations in the fight against advanced persistent threats and sophisticated adversaries is a necessity in today’s threat landscape; therefore, SOAR technology must evolve beyond the linear process of ingesting alerts and automating simple response actions. For this reason, D3 has fully embedded the MITRE ATT&CK framework into its SOAR 2.0 platform and launched ATTACKBOT. To learn more about ATTACKBOT, please read D3’s SOAR 2.0 Whitepaper here.

About D3 Security

D3 Security provides security orchestration, automation, response (SOAR) and case management solutions that are trusted by leading organizations around the world, including 100+ of the Fortune 500. Security operations and incident response teams depend on D3 SOAR to increase the speed and quality of investigations, automate incident response workflows, rapidly identify false positives, and dramatically reduce mean-time-to-respond (MTTR). D3 SOAR offers 400+ integrations and actions, including a fully automated MITRE ATT&CK Kill Chain Search that can analyze adversarial intent and predict malicious behavior by correlating security events with the world’s largest knowledgebase of cyber attack techniques and tactics. For more information, please visit https://d3security.com.

Walker Banerd

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.


Comments

comments for this post are closed