Endpoint Testing via MITRE ATT&CK
In many organizations, endpoints make up most of the attack surface, so endpoint security remains a priority. Choosing the right solution is paramount, and the decision is unique to each organization's goals and objectives. For all of them, however, the focus is on obtaining the maximum value from the chosen endpoint security platform by operationalizing its capabilities. Forward-thinking security organizations can boost the effectiveness of their security program by using endpoint telemetry to improve detection and response, refine threat hunting, and feed sensor data into complementary security solutions.
Information security practitioners have long lamented that industry terms were left to individual interpretation, with guidance offered in the absence of globally accepted definitions.
This started to shift with Lockheed Martin's 2011 release of the Cyber Kill Chain®, which gave the industry common ground. Its terminology was widely adopted and helped move the industry toward a common lexicon.
Then in 2013, MITRE released Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) to catalog post-compromise adversary techniques on enterprise systems. At the time of this evaluation, the ATT&CK Enterprise knowledge base consisted of 12 tactic categories and provided a standardized way to describe the activities of threat actors. Since its release, many security solution providers and internal security organizations have adopted the framework. In fact, many solution providers use ATT&CK terminology to enrich their telemetry, and security organizations are modeling components of their security program on ATT&CK and looking for ways to locate gaps in their control coverage.
ATT&CK enterprise tactics provide:
Note: ATT&CK does not document every possible technique, nor will it ever; it is a catalog of observed adversary behavior, not an exhaustive list.
For this year's evaluation, nine of our partners provided their solutions for hands-on testing. The evaluation emphasized detection of atomic ATT&CK techniques, in-platform threat hunting and API instrumentation. In contrast to MITRE's own recent series of endpoint security evaluations, which emulate a specific threat actor end to end, we focused on varying how each technique is executed.
Our testing goals
What we discovered
We grouped techniques from the same tactic category together and staggered their automated execution at one-minute intervals, so that each product's alerts could be attributed to a single technique execution. The tactics employed in the testing were:
Endpoint security products react differently to the same technique, pursuing the same objective, when it is executed in an alternate manner: for example, enumerating processes with a built-in command-line tool, through a PowerShell cmdlet, or through a direct API call may be detected as three different events, or not at all, by the same product. This was a common theme across all tactic categories and across all products tested.
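The following Python is an added example for this article, not Optiv's evaluation harness, showing the mechanics behind the two observations above: a catalogue of technique variants is grouped by tactic and scheduled at a fixed interval, and the products' alerts are then attributed to a variant purely by which execution window they fall into, which is what exposes per-variant detection differences. The product names (EDR-A, EDR-B), the alert records, the technique variants and their command lines are all constructed for the demonstration; the `SimClock` lets the schedule run without waiting, and the real `subprocess_runner` is only used when you pass it explicitly on an endpoint you are allowed to test.

```python
"""Staggered execution of atomic ATT&CK technique variants and per-variant
detection attribution. Added example, not Optiv's tooling; all product names,
alerts and variants below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
import subprocess
import time


@dataclass(frozen=True)
class Variant:
    technique: str   # ATT&CK technique ID, e.g. T1057 (Process Discovery)
    tactic: str      # Enterprise tactic the technique is grouped under
    method: str      # label for this particular way of executing it
    argv: tuple      # command line; only executed by a real runner


# Constructed catalogue: the same objective reached through different binaries.
# Deliberately not ordered by tactic, so build_schedule has to group it.
CATALOGUE = [
    Variant("T1057", "Discovery", "tasklist", ("tasklist.exe",)),
    Variant("T1003", "Credential Access", "reg-save-sam",
            ("reg.exe", "save", "HKLM\\SAM", "sam.hiv")),
    Variant("T1057", "Discovery", "ps-get-process",
            ("powershell.exe", "-NoProfile", "-Command", "Get-Process")),
    Variant("T1057", "Discovery", "wmic", ("wmic.exe", "process", "list", "brief")),
    Variant("T1082", "Discovery", "systeminfo", ("systeminfo.exe",)),
    Variant("T1082", "Discovery", "ps-cim",
            ("powershell.exe", "-NoProfile", "-Command",
             "Get-CimInstance Win32_OperatingSystem")),
]


def build_schedule(variants, start, interval):
    """Group variants by tactic (keeping catalogue order within a tactic) and
    assign each one an execution time `interval` seconds after the previous."""
    by_tactic = defaultdict(list)
    for v in variants:
        by_tactic[v.tactic].append(v)
    schedule, t = [], start
    for tactic in by_tactic:          # dict preserves first-seen tactic order
        for v in by_tactic[tactic]:
            schedule.append((t, v))
            t += interval
    return schedule


def subprocess_runner(variant):
    """Real runner: execute the variant on the endpoint under test."""
    subprocess.run(variant.argv, capture_output=True, timeout=60, check=False)


def run_schedule(schedule, runner, clock=time.time, sleep=time.sleep):
    """Wait for each slot, run the variant, and record when it actually ran."""
    executed = []
    for t_exec, v in schedule:
        delay = t_exec - clock()
        if delay > 0:
            sleep(delay)
        runner(v)
        executed.append((clock(), v))
    return executed


def attribute(alerts, executed, interval, products=None):
    """Credit an alert to the variant of the same technique whose window
    [t_run, t_run + interval) contains the alert timestamp. Every product x
    variant pair gets an entry, so misses are explicit, not absent."""
    products = products or sorted({a["product"] for a in alerts})
    result = {}
    for t_run, v in executed:
        for p in products:
            result[(p, v.technique, v.method)] = any(
                a["product"] == p and a["technique"] == v.technique
                and t_run <= a["ts"] < t_run + interval for a in alerts)
    return result


def divergent_techniques(result):
    """(product, technique) pairs detected for some methods but not others."""
    per = defaultdict(dict)
    for (p, tech, method), hit in result.items():
        per[(p, tech)][method] = hit
    return {k: v for k, v in per.items() if len(set(v.values())) > 1}


class SimClock:
    """Simulated clock so a one-minute stagger can be exercised instantly."""
    def __init__(self, t=0.0):
        self.t = t

    def time(self):
        return self.t

    def sleep(self, s):
        self.t += s


# Constructed alert feed. Alerts carry the product's own ATT&CK mapping and a
# timestamp, nothing that names the variant; the stagger does the attribution.
SAMPLE_ALERTS = [
    {"product": "EDR-A", "technique": "T1057", "ts": 5.0},    # tasklist window
    {"product": "EDR-A", "technique": "T1059", "ts": 65.0},   # wrong technique
    {"product": "EDR-A", "technique": "T1057", "ts": 125.0},  # wmic window
    {"product": "EDR-A", "technique": "T1082", "ts": 190.0},
    {"product": "EDR-A", "technique": "T1082", "ts": 250.0},
    {"product": "EDR-A", "technique": "T1003", "ts": 310.0},
    {"product": "EDR-B", "technique": "T1057", "ts": 70.0},   # PowerShell only
    {"product": "EDR-B", "technique": "T1003", "ts": 305.0},
    {"product": "EDR-B", "technique": "T1057", "ts": 400.0},  # outside all windows
]


def demo(interval=60.0):
    """Run the constructed catalogue on a simulated clock with a no-op runner."""
    clock = SimClock(0.0)
    schedule = build_schedule(CATALOGUE, start=0.0, interval=interval)
    executed = run_schedule(schedule, runner=lambda v: None,
                            clock=clock.time, sleep=clock.sleep)
    result = attribute(SAMPLE_ALERTS, executed, interval)
    return result, divergent_techniques(result)


if __name__ == "__main__":
    _, divergent = demo()
    for (product, technique), methods in divergent.items():
        print(product, technique, methods)
```

Two details matter when turning this into a real test: the interval must exceed the slowest product's alert latency, or a late alert is credited to the next variant (or lost), and `attribute` deliberately refuses alerts whose technique ID does not match the variant, so a product that labels `Get-Process` as T1059 rather than T1057 shows up as a miss, which is itself a finding about that product's ATT&CK mapping.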
Takeaways and things to remember
To get the full analysis, download our whitepaper, Endpoint Security Evaluation: MITRE ATT&CK Edition.