We're excited to share with you our new Attack Scenario Analytics capability! Based on the MITRE ATT&CK® framework, the Attack Scenario Analytics data provides additional context to risk findings so that enterprise customers and third parties can make faster, better-informed decisions regarding risk remediations in order to improve the overall defensibility of their ecosystems.
The MITRE ATT&CK framework is a global standard for analyzing tactics and techniques used by malicious actors. It’s the most comprehensive, granular, and widely adopted framework in the cybersecurity industry for attack and kill chain modeling. With Attack Scenario Analytics, our users can now leverage the 13 MITRE tactics to achieve greater visibility and context into how well a third party is prepared in relation to common and recent cyber-attacks. Additionally, we uses MITRE techniques to create kill chains and use cases, which help uncover unreported defense gaps as well as inspect assessments in the context of attack postmortems.
“Attack Scenario Analytics is the latest example of how using a standardized data set and advanced analytics can provide our customers with enhanced transparency and visibility into areas of cyber risk that may need attention,” said Fred Kneip, CEO of CyberGRX. “We are the only third-party cyber risk company that has mapped the entirety of our risk analytics platform with more than 150 MITRE kill chains, based on the most impactful recent cyber-attacks. Having this additional insight into threats and risks enables improved third-party detection, monitoring and response to attacks.”
Attack Scenario Analytics is included in the CyberGRX Exchange for all customers and third parties. It allows for easier integration of CyberGRX risk outcomes and insights into internal risk and threat management programs and provides traceability for control gap selections. This increased credibility and defensibility of CyberGRX risk findings supports third-party decision making and relationships with customers.
Integrating the MITRE ATT&CK framework with CyberGRX security controls supports our mission to map the cybersecurity reputations of every third party, providing a 360-degree view of an organization’s security posture. With the addition of Attack Scenario Analytics along with current capabilities such as Auto Validation and Framework Mapper, users have access to advanced, insight-rich data sets, allowing them to prioritize their cyber risks and build effective, risk-reducing programs quickly, and more accurately.