MITRE ATT&CK framework for AWS is now supported by CloudGuard
CloudGuard Threat Intelligence is adding support for the MITRE ATT&CK framework for AWS.
MITRE ATT&CK® provides a Matrix for Enterprise that covers cloud-based techniques. It is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies.
CloudGuard clients can now evaluate their cloud deployments against various attack vectors using the well-defined MITRE ATT&CK® framework.
For example, one of the alerts produced by CloudGuard Threat Intelligence is related to the MITRE ATT&CK™ Exfiltration tactic. This alert may indicate that someone is stealing data from the cloud environment.
With a visualization of the event, it is easy to tell that data is being transmitted from my internal cloud zone to some external IP.
Enrichment and integration with ThreatCloud™ (the Check Point threat intelligence database that helps identify and prevent threats) provide all the information required to triage and investigate this alert further.