MITRE Releases Tool to Design Cyber-Resilient Systems

1 year ago AndyC

Cyberattacks
are
on
the
rise
and
enterprise
defenders
are
protecting
an
increasingly
expanding
and
complex
attack
surface.

Cyberattacks
are
on
the
rise
and
enterprise
defenders
are
protecting
an
increasingly
expanding
and
complex
attack
surface.
For
many
organizations,
the
focus
is
shifting
away
from
prevention
to

resilience
—
to
maintain
essential
business
functions
during
an
attack
and
recover
quickly
without
losing
too
much
downtime.
Toward
that
end,
MITRE
has
released
the Cyber
Resiliency
Engineering
Framework
(CREF)
Navigator,
a
free
visualization
tool
for
engineers
designing
cyber-resilient
systems.

The
Navigator
helps
organizations
customize
their
cyber-resiliency
goals,
objectives,
and
techniques
as
aligned
by

NIST
SP
800-160,
which
outlines
standards
on
developing
cyber-resilient
systems.
MITRE
integrated
the
MITRE
ATT&CK
techniques
and
mitigations
into
the
Navigator
tool
to
help
engineers
understand
how
the
systems
they
are
designing
could
be
targeted.

Resiliency
is
something
that
is
engineered
into
the
system

—
it
doesn’t
just
happen.
The
CREF
framework
guides
engineers
along
four
key
principles:
Anticipate
(informed
preparedness),
Withstand
(continue
business
functions
even
while
under
attack),
Recover
(restore
business
functions
after
an
attack),
and
Adapt
(change
to
minimize
impact
of
attack).

The
tool
makes
it
possible
to
search
and
visualize
the
cyber-resiliency
framework
so
that
engineers
can
“make
educated
and
informed
choices,”
said
Shane
Steiger,
MITRE’s
principal
cybersecurity
engineer,
in
a
statement.

Companies
are
looking
at
cyber
resilience
as
part
of
their
strategy
to
prevent
incidents
and
mitigate
losses
when
they
occur,
according
to

Cisco’s
annual
“Security
Outcomes
Report”:
A
full
96%
of
executives
surveyed
named
security
resilience
as
high
priority.
The
report
identified
some
actions
that
helped
increase
resilience:

Companies
that
reported
implementing
a
mature
zero-trust
model
saw
a
30%
increase
in
resilience
score
compared
with
those
that
had
none.
Having
advanced
extended
detection
and
response
(EDR)
capabilities
correlated
to
a
45%
increase
in
resilience
score
for
organizations
over
those
that
reported
having
no
detection
and
response
solutions.
Converging
networking
and
security
into
a
mature,
cloud-delivered
secure
access
services
edge
(SASE)
increased
resiliency
scores
by
27%.

Automated
support
for
organizations
interested
in
building
stronger
defenses
for
their
critical
infrastructure
will
be
available
in
a
future
version,
MITRE
says.
“We
plan
to
keep
evolving
the
Navigator
as
the
discipline
of
cyber-resiliency
engineering
matures,”
MITRE’s
Steiger
said
in
a
statement.

Keep
up
with
the
latest
cybersecurity
threats,
newly-discovered
vulnerabilities,
data
breach
information,
and
emerging
trends.
Delivered
daily
or
weekly
right
to
your
email
inbox.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts