What is the MITRE ATT&CK Advisor Application?
Devo’s MITRE ATT&CK Advisor empowers you to intuitively operationalize the MITRE ATT&CK Adviser and improve SOC effectiveness. By equipping Devo users with the MITRE ATT&CK Adviser within the platform, security teams are able to map their ingested data and detections to MITRE’s documented tactics and techniques for identification of crucial coverage adjustments.
SciSec, Devo’s security research team of data scientists and cybersecurity experts, created the MITRE ATT&CK Adviser as a testament of their mission to provide analysts with scalable threat management tools and methodologies to succeed at detection, investigation, and response.
What Will I be able to achieve with the MITRE ATT&CK Adviser?
-
Gain confidence by leveraging a dynamic MITRE ATT&CK coverage heat map to identify coverage gaps that may exist and fill those gaps by deploying out-of-box detections available in Devo Exchange
-
Gain visibility of all your data sources against MITRE and easily identify the techniques each source can detect and where data gaps may exist
-
Gain clarity into commonly employed techniques used by threat groups and nation state threat actors to improve detection coverage relative to your organization’s industry and geography
Overview of the Application
The Mitre Attack adviser application gives you instant visibility across all the objectives in the mitre attack framework and their corresponding tactics. With the adviser, you can look at each objective to see how many detections you have for each of the techniques across the framework. Red denotes a lack of detections for that objective or tactic, yellow denotes moderate coverage, and green means you have good coverage.
Additionally, the advisor App has Threat Group Filters that can be turned on to see what detections you have around a specific threat. You can select a threat great from the dropdown list (Hafnium is shown in the example).
This kind of visibility into your security posture around specific attacks gives you the clarity to see where your defenses are strong, and where you need to increase coverage.
Additionally, Devo has released over 200 new detections just this year and the Sci Sec team is continuing to add new detections. With Devo’s Content Manager, you can increase coverage with new detections by simply clicking a button. Simply go into the Content Manager, search the detection you are looking for and install it. Then you can see the change in your coverage in the adviser App.
Devo’s new Mitre Att&ck adviser application, and the new detections from Content Manager, is there to empower you to make the right decisions for your SOC.
How Can I access the App and Start Using it Today?
The MITRE ATT&CK app is available in Devo Exchange for all Devo customers. For more information on the app, please contact your CSM or read more about it in our documentation.
