Marina_Segal
Employee Alumnus

MITRE ATT&CK framework for AWS is now supported by CloudGuard


CloudGuard Threat Intelligence is adding support for the MITRE ATT&CK framework for AWS.

MITRE ATT&CK® is a Matrix for Enterprise covering cloud-based techniques. It is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies.

CloudGuard clients can now evaluate their cloud deployments against various attack vectors using the well-defined MITRE ATT&CK® framework.


For example, one of the alerts produced by CloudGuard Threat Intelligence is related to the MITRE ATT&CK™ Exfiltration tactic. This alert may indicate that someone is stealing data from the cloud environment.


With visualization of the event, it is easy to tell that data is being transmitted from my internal cloud zone to some external IP.


Enrichment and integration with ThreatCloud™ (the Check Point threat intelligence database that helps identify and prevent threats) provides all the information required to triage and investigate this alert further.


 

For more information:

https://www.checkpoint.com/products/cloud-intelligence-threat-hunting/ 

Latest Blogs:

https://blog.checkpoint.com/2020/09/16/cloud-threat-hunting-attack-investigation-series-breach-of-ma...

https://blog.checkpoint.com/2020/09/10/cloudguard-intelligence-threat-hunting/




Marina