Cyber threats will never go away, especially as cybercriminals are becoming increasingly clever with their attacks.
One of the biggest changes in the threat landscape is attacks are becoming more premeditated and targeted, focusing on reconnaissance and weaponization techniques. MITRE Engenuity LLC created the Center for Threat-Informed Defense, a non-profit created to advance threat-informed defense globally. Fortinet Inc, one of its research partners, collaborates with the center on its research, funding and action plans on how to best identify and disrupt adversary behavior.
“Imagine the sort of MITRE attack knowledge base — that matrix that everybody’s familiar with is like the game board for the adversary,” said Jon Baker (pictured, right), co-founder and director of the Center for Threat-Informed Defense at MITRE. “We want to take safe spaces off the game board. We want to make it harder for adversaries to achieve their goals. We want to, as we go, create risk for the adversary. Ultimately, it’s about trying to bring balance to that equation between defense and being informed.”
Baker and Derek Manky (left), chief security strategist and global vice president of threat intelligence at Fortinet, spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed actional threat intelligence, collaboration between the public and private sectors and the new “Attack Flow” project. (* Disclosure below.)
Understanding your adversaries
Organizations have recently shifted from chasing indicators to trying to understand adversary behaviors and figure out how to defend against such behaviors. The creation of MITRE’s Attack Flow seeks to do just that, creating a model that captures and describes sequences of adversary behaviors.
“It allows you to start to leverage that corpus of flows and do things like predictive intelligence to understand, ‘If I’m doing threat hunting, what should I look for next?’” Baker said. “It should allow us to create much more resilient detection capabilities. So, instead of focusing on detecting a particular IOC or one specific behavior, we can start to focus on detecting sequences of behaviors.”
One of the biggest goals of the Center for Threat-Informed Defense is to encourage more collaboration between professionals — working closely with the rest of the industry and bringing security teams from around the world together to create practical solutions — and making cybersecurity more efficient for everyone. Collaboration between the public and private sectors is especially important, with the unification of data being extremely critical.
“Everybody has different use cases. You must be able to articulate that. You must be flexible. You have to respect privacy, of course, and do all those things,” Manky said. “We need to break down silos — siloed sharing efforts that are happening out there. So, we need to enable private-to-private sector sharing. We do that through our fabric ecosystem, as an example of Fortinet, but public and private as well too — all the way up to law enforcement prosecutions. We’ve said we can’t arrest our way out of this problem, but it’s all part of the ecosystem.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the RSA Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.