Friday, 7th August 2020

McAfee's MVISION encompasses MITRE ATT&CK

New release brings cloud-native attacks and vulnerabilities to the forefront of the SOC, gives enterprises the ability to better discover and proactively act on threats.

McAfee has introduced MITRE ATT&CK® into McAfee MVISION Cloud, the company’s Cloud Access Security Broker (CASB), delivering a precise method to hunt, detect and stop cyberattacks on cloud services. This new integration gives SecOps teams a direct source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK. McAfee is the first CASB provider to tag and visualise cloud security events within an ATT&CK.


“Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm,” said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee. “By translating cloud threats and vulnerabilities into the common language of ATT&CK, MVISION Cloud allows security teams to extend their processes and runbooks to the cloud, understand and preemptively respond to cloud vulnerabilities, and improve enterprise security.”

According to data from McAfee research, most enterprises face an average of 20 attack attempts per month on their cloud services. The ATT&CK integration brings cloud attacks into focus and provides the opportunity to identify gaps in protection and make policy and configuration changes directly from McAfee MVISION Cloud.

The ATT&CK integration with McAfee MVISION Cloud introduces new capabilities to mitigate the risk of cloud attacks and vulnerabilities, including the ability to:

·Advance from Reactive to Proactive: McAfee MVISION Cloud allows SecOps teams to visualise not only executed threats in the ATT&CK framework, but also potential attacks they can stop across multiple Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) environments

·Break Silos: SecOps teams can now bring pre-filtered cloud security incidents into their Security Information Event Management/Security Orchestration, Automation and Response platforms via API, mapped to the same ATT&CK framework they use for device and network threat investigation

·Take Direct Action: McAfee MVISION Cloud now takes Cloud Security Posture Management (CSPM) to a new level, providing security managers with cloud service configuration recommendations for SaaS, PaaS and IaaS environments, which address specific ATT&CK adversary techniques

With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalise a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming – especially as cloud-native threats become more abundant. Security teams using MVISION Cloud now have all of their threat incidents automatically mapped to ATT&CK, allowing them to see all cloud attacks that have been fully executed; attacks in progress in order to take action; as well as the ability to combine incidents, anomalies, threats and vulnerabilities into one holistic, familiar view.

Yet only four out of 10 security leaders in the UK can answer the question, “How secure, or at risk,...
Half of first-time security analysts working in Security Operations Centres (SOCs) plan to leave aft...
Featuring on-premises, controllable enterprise proxy to securely monitor and process automated certi...
LogRhythm has released its report, The State of the Security Team: Are Executives the Problem? The s...
New research from email security firm Tessian reveals why people make mistakes, how blurred lines be...
The SonicWall Capture Labs threat research team has published the mid-year update to the 2020 SonicW...
BSA | The Software Alliance is pleased that the decision by the European Court of Justice (ECJ) uphe...
Overwork and burnout are very real issues for the IT security industry in 2020, according to the Cha...