10 July 2018 – Amsterdam, the Netherlands – EclecticIQ, the global enabler for threat intelligence-powered cyber defenses, today announced the integration with MITRE's ATT&CK™ (Adversarial Tactics, Techniques, and Common Knowledge) Framework. The integration allows for improved insights into tactics, techniques and procedures (TTP) of adversaries.
As adversaries get more skilled, the demand for precise threat intelligence increases. The analysts at EclecticIQ Fusion Center produce threat intelligence based on various open, community and commercial sources, both as pre-defined products as well as customer-specific offerings. Having ingested the ATT&CK matrix into EclecticIQ Platform, the analyst-centric Threat Intelligence Platform, attack patterns used in separate attacks can now be pinpointed.
The integration with MITRE's ATT&CK framework creates equivalent STIX entities in EclecticIQ Platform. These entities are used as a common ontology to identify the specific activities of actors and capabilities so that overlaps can be identified.
"Use of common ontologies supports cross-knowledgebase understanding by having an archive of common denominators that all Analysts share and allow us to identify patterns and trends across datasets much quicker", said Chris O'Brien, Director Intelligence Operations at EclecticIQ. “By utilizing ATT&CK, analysts can gain insights on the tell-tale components behind malicious campaigns and track malware capabilities evolving over time.”
“MITRE’s freely-available ATT&CK framework serves as a common language to describe adversary behavior”, said Richard Struse, Chief Strategist for Cyber Threat Intelligence at MITRE. He continued, “the use of ATT&CK by security vendors is an important step towards a future of collaborative threat-informed defense.”
EclecticIQ is a strong proponent of community and standardization efforts within cyber security, and supports threat intelligence sharing, such as STIX and TAXII. By embracing ATT&CK, EclecticIQ hopes to encourage other community members to make use of this curated knowledge base and help turn it into an industry standard.
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments.
Our solutions are built specifically for analysts across all intelligence-led security practices such as threat investigation, and threat hunting, as well as incident response efforts. And we tightly integrated our solutions with our customers’ IT security controls and systems.
EclecticIQ operates globally with offices in Europe, United Kingdom, and North-America, and via certified value-add partners.
Learn more at www.eclecticiq.com