February 18, 2020
Netsurion, a leading managed security service provider, today announced the integration of the MITRE ATT&CK® framework with the upcoming 9.3 release of its co-managed SIEM, EventTracker, which delivers SOC-as-a-Service (SOCaaS) by including the company’s 24/7 security operations center (SOC).
Developed by MITRE, the ATT&CK framework is a public knowledge base of adversary tactics and techniques based on real-world observations, providing a foundation for developing specific threat models and methodologies. The framework’s descriptions of tactics and techniques allow defenders to identify relationships between individual observations and known campaigns or threat actors, making it possible to block those tactics and enable more effective defense, detection, and remediation.
“We’re especially excited to provide our co-managed SIEM users with better insights into the nature of today’s cyberattacks,” said A.N. Ananth, Netsurion’s chief strategy officer. “By adopting the ATT&CK framework within our EventTracker product and services, we’re improving threat hunting and using standard vocabulary. The result is better and more comprehensive discovery of attacks that are ongoing. What’s more, we’re giving these users a big detection and investigation advantage during those first critical moments, when a problem has been discovered. And because it creates a common taxonomy for describing those attack patterns, ATT&CK makes it easier to share threat intelligence with consistency, accuracy, and increased effectiveness.”
“The MITRE ATT&CK knowledge base provides a common language for the cybersecurity community to use when describing adversary behaviors,” said Jon Baker, MITRE department head for adversary emulation and orchestration. “We continue to be inspired by the ways the entire community is using ATT&CK to improve their defenses.”
“With the integration of ATT&CK into its co-managed SIEM, Netsurion is giving companies like ours a huge advantage when it comes to identifying and understanding sophisticated threats sooner and with greater accuracy than we might otherwise,” said Brad Alexander, Vice President and Chief Technology Officer at Immedion.
About EventTracker by Netsurion
Netsurion’s co-managed SIEM, EventTracker, includes key capabilities for:
- Process: Critical observation reports; SIEM administration and tuning; recurring executive reports
- People: 24/7 SOC powered by multiple threat intelligence sources
- Platform: Security information and event management (SIEM); endpoint detection and response (EDR); vulnerability assessment; user and entity behavior analysis (UEBA); compliance management
Learn more at https://www.eventtracker.com/capabilities/mitre-attack/
Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them. In such environments, the convergence of threat protection and network management is driving the need for greater interoperability between the NOC (network operations center) and the SOC (security operations center), as well as for solutions that fuse technology and service to achieve optimal results. To this end, Netsurion has converged purpose-built network hardware, innovative security software, and flexible managed services. Netsurion’s SD-Branch solution, BranchSDO, is a comprehensive network management and security solution consisting of SD-WAN, next-gen security, cellular, Wi-Fi, and PCI DSS compliance tools and support. At the heart of the solution is the CXD, Netsurion’s SD-WAN edge appliance. Netsurion’s Security Operations solution, EventTracker, delivers advanced threat protection and compliance benefits in a variety of deployment options: a SIEM platform, a co-managed SIEM service with 24/7 SOC, and a managed SIEM for MSPs.
Twitter: @Netsurion
LinkedIn: https://www.linkedin.com/company/netsurion/
Deb Montner, Montner Tech PR