Network Detection & Response for MITRE ATT&CK Framework
The MITRE ATT&CK Framework has rapidly become popular among security teams looking to take a structured and proactive approach to improving threat detection.
For many security professionals, using the ATT&CK Framework means taking a close look at each of the hundreds of tactics, techniques, and procedures (TTPs) and trying to figure out which tool in their patchwork of solutions is most likely to detect or block any given threat. MITRE provides an evaluation framework for Endpoint Detection and Response (EDR) platforms to test their standard deployments against a subset (56) of the TTPs listed. However, no such evaluation yet exists for network detection & response (NDR) products.
Read the white paper for a high-level view of how enterprise NDR with ExtraHop Reveal(x) detects and enables investigation of a broad range of the TTPs catalogued by MITRE ATT&CK!