A good cybersecurity plan exceeds its primary objective of protecting your enterprise data. It also helps you efficiently adhere to compliance requirements.

Soon, 98 commonwealth non-commercial entities defined by the Australian government might be required to add the Essential Eight to their list of compliance mandates. With the number of cyberattacks increasing daily, it's best to be equipped with a defense strategy based on a comprehensive and up-to-date knowledge repository like the MITRE ATT&CK framework.

What if I told you there was a way to secure your organization and achieve the best of both worlds?

Our free, new e-book, Essential Eight explained, shows how you can correlate both to create a cyberdefense strategy that works best for you. (It will be published in a few weeks. Keep an eye out for your free copy!)

Here's a glimpse at the questions we'll explore in our new e-book:

What is the Essential Eight maturity model?

The Essential Eight is a set of eight cybersecurity guidelines from the Australian Cyber Security Centre (ACSC) that help organizations classify themselves by their cybersecurity maturity. Four maturity levels, from 0 to 3, are defined according to the increasing level of risk posed by threat actors carrying out cyberattacks against organizations.

While Level 0 is where most organizations start, Level 3 is where all organizations should aim to be. Each level has its own requirements for all eight controls. To move from one level to the next, an organization must comply with the requirements for all eight measures listed for its current level.

You can learn more about the Essential Eight maturity model and the four levels through our blog on the subject.

What is the MITRE ATT&CK framework?

The MITRE ATT&CK framework is an up-to-date repository of the tactics and techniques adversaries use to compromise and attack systems. It is arranged as a matrix in which each tactic has several techniques and sub-techniques listed under it. This matrix captures the possible goals of an adversary (the tactics) as well as the specific methods they might deploy to achieve them (the techniques).

Organizations can use this framework to gauge adversary behavior during an attack and put security controls in place to counter it.

(Want to explore the MITRE ATT&CK framework in detail? Check out our e-book on the subject to learn more.)

Why map both of these frameworks?

While the Essential Eight maturity model helps organizations categorize themselves into risk levels and adopt security measures based on adversary behavior, the MITRE ATT&CK framework helps enterprises gain an in-depth understanding of the attacker's kill chain for every possible attack. Combining both helps you create a customized, risk-based approach to addressing the cyberattack vulnerabilities of your organization.

How do you map the MITRE ATT&CK framework with the Essential Eight maturity model?

Here, we'll use the example of lateral movement, a critical tactic employed by adversaries to pivot and move across an organization's network. It's usually hard to detect these lurkers. Let's see how mapping helps.

We've ranked the techniques listed under lateral movement across three levels: low, medium, and high. These correspond to Levels 1, 2, and 3 in the maturity model, based on the adversary's reliance on public tools and the effectiveness of their attack techniques. As in the maturity model, the higher the number, the more risk to an organization. Level 1 stands for low risk, where the adversary uses predictable, publicly available tools against a wide range of victims (a mass phishing email, for example). Level 3 stands for high risk, where the adversary uses specific tools targeting a particular set of people. We will confine our example to Level 3, which relates to the highest risks.

Lateral movement techniques that fall under Level 3:

  • Exploitation of remote services
  • Remote services
  • Use of an alternate authentication method

These techniques are ranked "high" because they require additional coding knowledge and hacking expertise. To exploit a remote service or connection, the attacker must be able to identify vulnerabilities in the program, service, or operating system and take advantage of them to execute malicious code. This requires a good knowledge of malcode development and execution.

What do organizations stand to gain through this exercise?

They enlist mapping strategies to thwart threat actor tactics that target their organization. Using this methodology helps security teams identify the various attacks and techniques used by cybercriminals, as well as:

  • Gain insights about their cyber risk levels, so they can develop and implement an appropriate cybersecurity plan.
  • Identify possible loopholes in their network and actively address them.
  • Detect indicators of compromise (IOCs) in their organization.
  • Configure alerts for IOCs and implement appropriate incident response measures.

Would you like to see the other techniques in lateral movement mapped out for you? You can explore this and more in our e-book, set to go live in October.

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.