MITRE ATT&CK, VERIS frameworks integrate for better incident insights

CSO Online – Cynthia Brumfield
The ATT&CK framework is deployed as a cyber intelligence tool during or after an incident to identify the relevant adversary and reveal appropriate mitigation steps. One recent example comes from McAfee, which used ATT&CK in a case that began as an investigation into a suspected malware infection and ended with the unexpected discovery of a long-term cyberattack by two Chinese threat groups, APT27 and APT4.

VERIS is a broader, higher-level framework than ATT&CK that relies on an open and free repository of publicly reported security incidents. It offers incident responders the when and how of attacks.

The two organizations intend this connection between ATT&CK and VERIS to provide a “bi-directional mapping” that links the behaviors adversaries use to attack systems with incident demographics and metadata, so that organizations can align their defenses with the latest threats. “Even though VERIS is relatively popular and it’s fairly useful, it doesn’t have the kind of high-level visibility that something like ATT&CK provides,” Alex Pinto, senior manager, Verizon DBIR team, tells CSO. Nevertheless, VERIS functions as a useful strategy tool, and security leaders often use it to communicate to the board, he says.

The goal is to allow defenders to create a more detailed picture of cyber incidents, encompassing the threat actor, technical behavior, targeted assets, and impact. The mapping created by this collaboration is available on GitHub for all defenders and incident responders to use.
Link: https://www.csoonline.com/article/3633662/mitre-attck-veris-frameworks-integrate-for-better-incident-insights.html