The largest cybersecurity breach of U.S. national security in history, the supply chain compromise of SolarWinds, went undetected by government security tools. Yet the tactics and techniques the adversaries used are known and have been documented in the MITRE ATT&CK framework for years. So what went wrong?
This paper proposes a different approach to adversary detection: detect the constants of a breach using the concept of active defense as described in the new MITRE Shield framework. The idea is that blue teams should detect lateral movement and living off the land once the adversary has established a beachhead, instead of relying solely on detecting the initial intrusion through known knowns (signatures and indicators of attacks already seen).
Download the whitepaper to learn:
- The details of the SolarWinds / SUNBURST attacks by nation-state adversaries
- The Johari Window and the concepts of known knowns, known unknowns, and unknown unknowns, and how they can be used to identify cybersecurity blind spots and guide incident response
- The tactics, techniques, and procedures (TTPs) attackers use after establishing a beachhead in the network
- The most effective methods for detecting and identifying lateral movement and attackers
- Why an active defense using deception and the MITRE Shield framework is now a business and security imperative