Secureworks has announced the launch of its new Taegis XDR Adversary Software Coverage (ASC) Tool, now making transparent MITRE coverage accessible to everyone.
The ASC tool maps over 500 unique adversarial software types against the MITRE ATT&CK framework, including ATT&CK v9, which debuted on April 29, 2021. The new ASC tool is open to the public, fully interactive for the user, and deeply granular in its coverage mappings of the actual techniques and sub-techniques utilised by the adversaries. This sets it apart from similar tools other security companies have developed to show MITRE visibility.
The non-profit MITRE Corporation has successfully established its ATT&CK Matrix for Enterprise as the common language spoken throughout the InfoSec community. This wide adoption of a single standard is clear in security tools across the spectrum of capabilities and markets—from endpoint, to network, to cloud, to mobile—and in nearly every security product niche.
According to Secureworks’ Director of Technical Marketing, Michael Rosen, this is why an increasing number of buyers turn to MITRE ATT&CK when assessing vendors, and why Secureworks wanted to create an intuitive, self-service tool which allows users to explore how Taegis XDR maps to the universal framework.
“Taegis XDR maps defenses and countermeasures against more than 90% of all adversarial TTPs used by the malicious software tracked by MITRE, across all framework categories. We built Taegis XDR and Taegis ManagedXDR to detect the threats that evade the layers of your defensive security stack, especially preventative layers like the Next-Generation Firewall or the Endpoint Protection Platform,” said Michael.
“One hundred percent coverage against all attacks is unachievable for a single tool as things stand today, which is why we recommend targeted inclusion of a few additional tools to bring most enterprises close to full coverage.”
Taegis XDR extends from endpoint to network to cloud, with sensors deployed at strategic locations across the enterprise to deliver maximum visibility. As a multi-vector detection technology, XDR sees these attacks from a comprehensive vantage point by combining the visibility from various single-purpose tools to increase total MITRE coverage.
The point of highlighting MITRE is to show how a tool can positively impact your detection capabilities. As Forrester VP and Principal Analyst Jeff Pollard presciently contends, this shouldn’t be about vendor chest-beating.
“At Secureworks, we’re not focused on ‘winning’ MITRE evaluations. Our ethos is to use MITRE as a way of demonstrating how we can help you improve visibility, and to help inform your buying decision. As a general rule, this is best practice for using the MITRE matrix,” added Michael.
“When vendors use it to show visibility for customers, it helps them make informed decisions regarding the tools in their security stack and offers a way to source the fewest tools needed for the greatest amount of attack surface coverage. MITRE helps you avoid coverage overlap and gaps in your stack. This way you’re not paying for duplicate coverage, nor do you have holes in your defenses. MITRE alignment is an effective way to help you find this balance.”
Michael says that a good rule of thumb is to be wary of any vendor who claims 100% MITRE ATT&CK coverage, or even 100% across a single category of attacks (ransomware, trojans, botnets, etc.), as the adversarial tactics, techniques and procedures are constantly evolving, and the list of software used by the adversary continues to grow.
Secureworks recommends that businesses in the middle of the vendor selection process ask vendors about their capabilities and limitations, plus which products complement their strengths and fill key visibility gaps, to get as close as possible to comprehensive attack surface coverage.
“Secureworks is proud of how much coverage Taegis XDR offers our customers – but of course, we don’t expect you to simply take our word for it. Take a test run of our Taegis XDR Adversary Software Coverage (ASC) tool and experience it yourself. You’ll see what Taegis XDR sees, right down to the technique and sub-technique used by the adversary, across a library of hundreds of real-world malicious software tools,” concluded Michael.