ThreatQuotient™, a security operations platform innovator, announces that the ThreatQ™ integration with MITRE ATT&CK™ now includes support for PRE-ATT&CK and Mobile. Together with Enterprise ATT&CK, the three-pronged framework creates an end-to-end attack chain that examines and assesses an adversary’s actions.

Since first integrating with MITRE ATT&CK in early 2018, ThreatQuotient has helped customers integrate the framework in their workflows to achieve a holistic view of their organization’s specific attack vectors and what needs to be done to effectively defend against adversaries. Attacks are happening with increasing velocity, and the average cost of a data breach has risen to $3.86 million, according to the 2018 Cost of a Data Breach Study by Ponemon.

Accelerate Detection

As more organizations begin to accept the likelihood that they will be breached, the security industry is placing greater emphasis on technologies, tools and processes to accelerate detection and response. However, this is not always done with collaboration in mind. When combined, the ThreatQ platform and MITRE ATT&CK framework enable an expansive and shared understanding across teams and technologies, allowing faster response when an event occurs.

“Every organization can derive value from the MITRE ATT&CK framework to measure, improve and extend the capabilities of their security operations. To yield the greatest success, security teams should use the framework to have a complete understanding of what they are trying to protect against,” says Ryan Trost, CTO & Co-founder at ThreatQuotient.

Cybersecurity Community

“Whether mapping the attack tactics or techniques against your defences to more accurately assess your risk posture; connecting active adversaries to their own respective TTPs to ensure internal battle cards are accurate and distributed; or simply gauging your organization’s higher probability threat risk areas and providing your red team better ‘real world’ objectives, ThreatQ’s integration of the ATT&CK framework provides teams an out-of-the-box capability.”

“As an organization’s capacity to use ATT&CK data evolves, the ability to dig deeper into the framework will allow a company to gain even greater value...but at their own pace. This is great for the industry and will hopefully play a cornerstone role as organizations defend themselves against attacks.”

“The MITRE ATT&CK knowledge base provides a common language for the cybersecurity community to use when describing adversary behaviors,” said Katie Nickels, MITRE ATT&CK Threat Intelligence Lead. “We continue to be inspired by the ways the entire community is using ATT&CK to improve their defenses.”

Respond To Incidents

ThreatQuotient has long believed that the ability to accelerate security operations starts with having a thorough and proactive understanding of the actors, campaigns and TTPs targeting an organization. There are three main ways an organization can use the integration of ThreatQ and MITRE ATT&CK to their advantage:

  • Reference and Data Enrichment - Aggregate data from the framework into ThreatQ and search for adversary profiles to answer questions like: Who is this adversary? What techniques and tactics are they using? What mitigations can I apply? Security analysts can use the data from the framework as a detailed source of reference to manually enrich their analysis of events and alerts, inform their investigations and determine the best actions to take depending on relevance and sightings within their environment.
  • Indicator or Event-Driven Response - Use ThreatQ to correlate data from the ATT&CK framework with incidents and associated indicators from inside the organization’s environment. Security analysts can then automatically prioritize based on relevance to their organization and determine high-risk indicators of compromise (IOCs) to investigate. With the ability to use ATT&CK data in a more simple and automated manner, security teams can investigate and respond to incidents and execute appropriate courses of action for more effective detection and more efficient threat hunting.
  • Proactive Tactic or Technique-Driven Threat Hunting - Pivot from searching for indicators to taking advantage of the full breadth of ATT&CK data. Threat hunting teams can take a proactive approach, beginning with the organization’s risk profile, mapping those risks to specific adversaries and their tactics, drilling down to techniques those adversaries are using and then investigating if related data have been identified in the environment. For example, they may be concerned with APT28 and can quickly answer questions including: What techniques do they apply? Have I seen potential IOCs or possible related system events in my organization? Are my endpoint technologies detecting those techniques?

ThreatQuotient’s Neal Humphrey, Threat Intelligence Engineer Director, North America, will host a webinar on May 22, 2019 at 2:00 pm ET to discuss best practices for applying the MITRE ATT&CK framework effectively and making it actionable.
