
MITRE ATT&CK and Automated Endpoint Remediation

September 3, 2021

MITRE ATT&CK – Is it breaking and entering even if the door is unlocked?

MITRE developed ATT&CK as a model to document and track various techniques attackers use throughout the different stages of a cyberattack to infiltrate your network and exfiltrate data. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.

MITRE ATT&CK® is a comprehensive knowledge base of observed attacker tactics and techniques. For example, ATT&CK describes the “Drive-by Compromise” technique as: “. . . adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user’s web browser is typically targeted for exploitation.”

How to prevent exploits that use a MITRE ATT&CK technique.

Remediating endpoints per the DISA STIGs or CIS Benchmarks prevents exploits by “breaking links in the kill chain.” Continuing with the previous example, DISA’s Windows 10 STIG contains the following exploit-protection findings, each of which hardens the browser against the memory-corruption exploits that the MITRE ATT&CK “Drive-by Compromise” technique relies on:

  • V-220873, “Data Execution Prevention (DEP)”
  • V-220874, “Randomize memory allocations (Bottom-Up ASLR)”
  • V-220875, “Control flow guard (CFG)”
  • V-220876, “Validate exception chains (SEHOP)”
  • V-220877, “Validate heap integrity”

SteelCloud’s ConfigOS automates the application of the Windows 10 STIG and applies the security configuration controls that close these findings.
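The five findings above can be audited, and if necessary remediated, directly from PowerShell. The script below is an added example, not code from the original post or from SteelCloud’s ConfigOS. It relies on the built-in Get-ProcessMitigation and Set-ProcessMitigation cmdlets (ProcessMitigations module, Windows 10 1709 and later); the mapping from each STIG V-ID to a mitigation property and to a Set-ProcessMitigation -Enable name is this example’s own assumption, taken from the STIG’s check and fix text, which treats a value of OFF as a finding.

```powershell
# Added example (not SteelCloud/ConfigOS code): audit the five Windows 10 STIG
# exploit-protection findings with Get-ProcessMitigation -System.
# Values are ON, OFF, NOTSET or DEFER; the STIG check treats OFF as a finding
# (NOTSET means the Windows default applies, which for these settings is ON).
# The V-ID -> property / enable-name mapping below is assumed from the STIG text.
param(
    [switch]$Remediate   # when set, enable any mitigation found OFF (needs admin)
)

if (-not (Get-Command Get-ProcessMitigation -ErrorAction SilentlyContinue)) {
    throw 'ProcessMitigations module not available; requires Windows 10 1709 or later.'
}

$checks = @(
    @{ Id = 'V-220873'; Name = 'Data Execution Prevention (DEP)';   Path = 'Dep.Enable';            EnableName = 'DEP' }
    @{ Id = 'V-220874'; Name = 'Bottom-Up ASLR';                    Path = 'Aslr.BottomUp';         EnableName = 'BottomUp' }
    @{ Id = 'V-220875'; Name = 'Control Flow Guard (CFG)';          Path = 'Cfg.Enable';            EnableName = 'CFG' }
    @{ Id = 'V-220876'; Name = 'Validate exception chains (SEHOP)'; Path = 'Sehop.Enable';          EnableName = 'SEHOP' }
    @{ Id = 'V-220877'; Name = 'Validate heap integrity';           Path = 'Heap.TerminateOnError'; EnableName = 'TerminateOnError' }
)

function Get-MitigationValue {
    param([object]$Mitigations, [string]$Path)
    # Walk a dotted property path such as 'Aslr.BottomUp' on the object
    # returned by Get-ProcessMitigation -System.
    $node = $Mitigations
    foreach ($segment in $Path.Split('.')) {
        $node = $node.$segment
    }
    return [string]$node
}

function Test-StigExploitProtection {
    # One row per STIG ID with the observed value and whether it is a finding.
    $system = Get-ProcessMitigation -System
    foreach ($check in $checks) {
        $value = Get-MitigationValue -Mitigations $system -Path $check.Path
        [pscustomobject]@{
            StigId     = $check.Id
            Setting    = $check.Name
            Value      = $value
            Finding    = ($value -eq 'OFF')   # STIG check: OFF is a finding
            EnableName = $check.EnableName
        }
    }
}

$results = Test-StigExploitProtection
$results | Select-Object StigId, Setting, Value, Finding | Format-Table -AutoSize

$open = @($results | Where-Object Finding)
if ($open.Count -gt 0 -and $Remediate) {
    # Apply the STIG fix: turn the failed mitigations on system-wide.
    # Some settings only take effect after a reboot.
    Set-ProcessMitigation -System -Enable $open.EnableName
    Write-Output ("Enabled: " + ($open.EnableName -join ', ') + " (reboot may be required)")
} elseif ($open.Count -gt 0) {
    # Non-zero exit lets a scheduler or pipeline flag drifted endpoints.
    Write-Warning 'Open STIG exploit-protection findings detected.'
    exit 1
}
```

Run the script as-is to audit and produce a pass/fail table; add -Remediate from an elevated prompt to apply the fix. The exit code makes it usable as a recurring compliance check, which is the same drift-detection loop that an automated tool performs on a schedule.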

How many MITRE ATT&CK techniques are there?

MITRE ATT&CK lists many dozens of attacker techniques. Applying the appropriate DISA STIG or CIS Benchmark to each application in an endpoint’s application stack, however, will eliminate the target endpoint’s attack surface across all of them.

Addressing each application doesn’t need to be time-consuming.

Humans excel at many things: abstract reasoning, experimentation, communication, and innovation. However, people are not good at tedious, repetitive tasks; mistakes will be made.

Automation makes the process consistent and repeatable. For example, before becoming a SteelCloud customer, one group required 4 Security Engineers and 240 hours to harden their agency’s endpoints every 90 days, each time the updated DISA STIGs were released.

Using ConfigOS is a win-win for everyone.

Hardening your organization’s infrastructure and maintaining STIG compliance is good cyber hygiene, basic “blocking and tackling.” Automating with ConfigOS liberates your Security Engineers and enables them to focus on higher-level cyber security projects.

Learn more about how DashView will help simplify security and keep your business secure.
