FireEye Stories

Mandiant Security Validation Offers Automated Evaluation of Security Controls Against MITRE ATT&CK Framework

While organizations increasingly adopt the MITRE ATT&CK Framework® as a foundational element of their security program, many are challenged by the lack of resources and skills needed to plan, create and execute testing, a lack of expertise to analyze the results, and an inability to run tests on a consistent basis. A security team may have the ability to test against adversary behaviors detailed in the MITRE ATT&CK Framework, but to do so on a daily or even weekly basis is challenging.

With Mandiant Security Validation, organizations can automate the use of MITRE ATT&CK. As discussed in our whitepaper, Automate Testing Using MITRE ATT&CK with Verodin Security Validation (now Mandiant Security Validation), solutions such as Mandiant Security Validation provide organizations with a continuous controls validation technology aligned with MITRE ATT&CK to accelerate improvements to their detection and prevention capabilities in a safe, effective, repeatable and measurable way.

Mandiant Security Validation provides the technology, process and content needed for an ongoing, automated ATT&CK evaluation program. What makes this technology unique is the library of attacks powered by Mandiant global threat intelligence and front-line incident response data. Continuous controls validation based on timely and relevant intelligence enables security teams to not only prioritize the use of MITRE ATT&CK, but also gain confidence in the reliability of test results. Results are available in a user-friendly MITRE ATT&CK dashboard as tests run. This provides visibility into exactly how their security controls will react when different adversary behaviors are executed in real time, and provides a clear path to optimizing controls.

Validating security effectiveness is not a lone event at a single point in time. IT environments change quickly and simple updates to configurations may have unintended consequences—what we refer to as Environmental Drift. By automating the recurring testing against ATT&CK Tactics, organizations gain a new level of assurance that their cyber security programs are properly defending the business.

Key Differentiators

The following are some of the primary ways that Mandiant Security Validation and alignment to MITRE ATT&CK benefit organizations:

  • Fast-track Implementation: Begin generating results within hours of initial implementation by leveraging the platform’s automation, content library and mapping tools.
  • Save Time and Money: By automating MITRE ATT&CK emulations, defenders are freed from labor-intensive, manual testing and able to optimize their time.
  • Identify Gaps Sooner: Easy-to-understand dashboards provide visualized data over time against an organization’s known good baseline, making it faster and easier to identify gaps and obtain continuous validation of security controls performance.
  • Accuracy of Results: Depth of coverage of ATT&CK Tactics from a vast library of attacks powered by Mandiant’s timely and relevant intelligence delivers confidence in reliable and accurate test results.
  • Increased Confidence: By automating the recurring testing against ATT&CK techniques, the organization gains a new level of assurance that their security program is properly defending the business.

With the Mandiant Security Instrumentation Platform, organizations no longer need to build a program from the ground up. Instead, they can rely on Mandiant to provide the technology, process and intelligence required to launch an effective and automated program.

Head over to our Mandiant Security Validation page and check out our demo to learn how security teams can validate their controls against the latest and emerging attacks aligned with the MITRE ATT&CK Framework.