Reputed device-to-cloud cybersecurity company McAfee has reportedly declared that it has introduced MITRE ATT&CK in its CASB (Cloud Access Security Broker), McAfee MVISION Cloud, aiming to deliver a highly precise technique to search for, detect, and put an end to cyberattacks on cloud services. This integration is bound to provide SecOps teams with a direct source of cloud threats and vulnerabilities mapped to the tactics and techniques of ATT&CK.
Data from McAfee research reveals that most enterprises face an average of over 485 external threat incidents on their cloud services every month. The ATT&CK integration will bring these cloud attacks into focus, help detect gaps in protection, and allow policy and configuration changes to be made directly from McAfee MVISION Cloud.
This integration will bring forth novel capabilities to eliminate cloud attacks and vulnerabilities:
Advance from Reactive to Proactive: This integration will enable SecOps teams to visualize executed threats and potential attacks, which they can stop across multiple SaaS, PaaS, and IaaS environments.
Break Silos: SecOps teams will now be able to bring pre-filtered cloud security events into their Security Information Event Management, Automation and Response platforms through API, mapped to the same ATT&CK framework used for network/device threat investigation.
Take Direct Action: This integration will be able to provide security managers with cloud service configuration recommendations for PaaS, IaaS, and SaaS environments to address particular ATT&CK adversary techniques.
Rajiv Gupta, Senior Vice President & General Manager, Cloud Security, McAfee, has been quoted as saying that while numerous SecOps teams have deployed repeatable processes and frameworks to eliminate risks and respond to threats, cloud threats and vulnerabilities so far have presented an unfamiliar paradigm. However, by translating these vulnerabilities into ATT&CK’s common language, MVISION Cloud will enable security teams to possibly extend their processes to the cloud, understand, and then preemptively respond to cloud vulnerabilities, thereby enhancing enterprise security, he adds.