Manage security threats with MITRE ATT&CK Framework

Kemp Technology Evangelist Frank Yue recently posted a blog post called What Is The MITRE ATT&CK Framework? that describes how organizations can use the MITRE ATT&CK framework to bolster their cybersecurity defenses. 

I won’t repeat all of the information in the previous blog but highlight some of the benefits that relate to how Kemp Flowmon Anomaly Detection System (ADS) implements it.

Simplified Reporting with MITRE ATT&CK Framework Mapping

Because IT networks and the applications using them are becoming increasingly complex, there are a lot of events and data streams flowing between network nodes. Interpreting any detected anomalies can be difficult for humans, even highly experienced and trained cybersecurity professionals.

Making sense of such overwhelming complexity of data requires the assistance of advanced behavioral analysis and machine learning. Kemp Flowmon ADS uses over 200 algorithms, spread over 40 detection methods, along with data from baseline behavior patterns, heuristics, and reputational databases to identify unusual behavior on a network quickly.

Detection is an essential step in stopping cyberattacks like ransomware from spreading on a network. But detection systems need to alert cybersecurity teams to the threat in a way that is understandable and easily assimilated. 

This is where Kemp Flowmon ADS excels. It maps detected anomalies to the techniques and tactics in the MITRE ATT&CK framework. This means that instead of getting a cryptic alert that needs interpreting, IT teams learn that Discovery behavior is occurring or that a Data Exfiltration attempt is in progress, with the detected attack vector shown on a grid that is mapped to the MITRE ATT&CK techniques matrix. These mapped alerts can also be drilled into to get more information at a deep technical level.
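To make the mapping idea concrete, here is an added example (not Flowmon's own code or mapping) that enriches raw anomaly events with ATT&CK tactic and technique labels, groups them into a tactic-by-technique grid for reporting, and supports drilling into one cell. The anomaly labels, sample alerts and the mapping table are constructed for illustration; the technique IDs are real ATT&CK identifiers.

```python
from collections import defaultdict

# Constructed mapping from a detector's internal anomaly labels to ATT&CK entries.
# Technique IDs and names are real ATT&CK identifiers; the anomaly labels are invented.
ATTACK_MAP = {
    "port_scan":    ("Discovery",    "T1046", "Network Service Discovery"),
    "dns_tunnel":   ("Exfiltration", "T1048", "Exfiltration Over Alternative Protocol"),
    "large_upload": ("Exfiltration", "T1048", "Exfiltration Over Alternative Protocol"),
}

# Constructed sample of raw anomaly events, as a detector might emit them.
SAMPLE_ALERTS = [
    {"id": 1, "anomaly": "port_scan",    "src": "10.0.5.23", "dst": "10.0.0.0/24"},
    {"id": 2, "anomaly": "dns_tunnel",   "src": "10.0.5.23", "dst": "198.51.100.7"},
    {"id": 3, "anomaly": "large_upload", "src": "10.0.7.41", "dst": "203.0.113.9"},
    {"id": 4, "anomaly": "odd_baseline", "src": "10.0.9.2",  "dst": "10.0.9.3"},
]

def enrich(alert):
    """Attach ATT&CK tactic/technique to one alert. Anomalies with no mapping are
    kept and labelled 'Unmapped' so they are not silently dropped from the report."""
    tactic, tid, tname = ATTACK_MAP.get(alert["anomaly"], ("Unmapped", "-", alert["anomaly"]))
    return {**alert, "tactic": tactic, "technique_id": tid, "technique": tname}

def build_matrix(alerts):
    """Group enriched alerts into tactic -> technique_id -> [alert ids], the shape
    needed to paint hits onto an ATT&CK matrix view."""
    grid = defaultdict(lambda: defaultdict(list))
    for a in map(enrich, alerts):
        grid[a["tactic"]][a["technique_id"]].append(a["id"])
    return {tactic: dict(techs) for tactic, techs in grid.items()}

def drill_down(alerts, technique_id):
    """Return the full enriched alerts behind one cell of the matrix."""
    return [a for a in map(enrich, alerts) if a["technique_id"] == technique_id]

def render(grid):
    """One text row per tactic listing technique hits, e.g. 'T1048(x2)'."""
    rows = []
    for tactic in sorted(grid):
        cells = ", ".join(f"{tid}(x{len(ids)})" for tid, ids in sorted(grid[tactic].items()))
        rows.append(f"{tactic:<13}{cells}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(build_matrix(SAMPLE_ALERTS)))
```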

Other Benefits of Kemp Flowmon ADS

Some of the other benefits are based around the truism that ‘You Cannot Manage and Protect What you Cannot See’. The ADS solution addresses this by providing:

  • A single source of visibility into network behavior across the whole environment.
  • Immediate highlighting of any performance degradations and deviations from the norm.
  • Real-time data on usage, availability, and capacity.
  • Highlighting of bottlenecks, error analysis, and automated anomaly detection.

The ADS solution baselines each network and then monitors it with machine learning-based pattern detection. As it is not reliant on known cyberattack signatures, it provides industry-leading protection against emerging and zero-day threats. If there is any strange behavior happening on the network, it will be detected and highlighted. This includes discovering equipment added to the network that has nothing to do with cyber attackers, helping keep the network free of shadow IT deployments.

In early August, Kemp Product Marketing Manager Filip Černý delivered a 30-minute overview of how the Kemp Flowmon Anomaly Detection System (ADS) solution uses the MITRE ATT&CK framework, where you can find out more on the topic. View the Manage security threats with MITRE ATT&CK Framework talk on BrightTALK. You can also watch it below. 

Conclusion

Using the MITRE ATT&CK framework to shape Kemp Flowmon ADS development, and using the human-friendly categories it contains as the basis for alert reporting, provides a win for product development and for organizations using ADS to monitor and protect their networks. Watch the 30-minute webinar below for more details, read the previous MITRE ATT&CK framework overview blog, and reach out to us if you have any questions.

The weekly technical webinars continue on the Kemp BrightTALK channel. These sessions take a relevant topic in application experience, network monitoring, or cybersecurity and discuss it in the context of how Kemp & Flowmon solutions can make life better for users and systems admins. 
