McAfee, the device-to-cloud cybersecurity company, has announced the introduction of MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) into McAfee MVISION Cloud, the company’s Cloud Access Security Broker (CASB). The new approach will help to deliver a precise method to search, detect, and stop cyberattacks on cloud services. This integration gives SecOps teams a direct source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK. McAfee is considered to be the first CASB provider to tag and visualize cloud security events within the ATT&CK framework.

Data from McAfee research shows that most companies experience more than 485 external threat incidents, on average, on their cloud services each month. The ATT&CK integration focuses on cloud threats and offers the ability to detect security problems and make policy and configuration changes directly from McAfee MVISION Cloud.

“Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm,” said Rajiv Gupta, Senior Vice President and General Manager of Cloud Security, McAfee. “By translating cloud threats and vulnerabilities into the common language of ATT&CK, MVISION Cloud allows security teams to extend their processes and runbooks to the cloud, understand and preemptively respond to cloud vulnerabilities, and improve enterprise security,” he added.

The integration of ATT&CK with McAfee MVISION Cloud introduces new capabilities that help reduce the risk of cloud attacks and vulnerabilities, along with the ability to:

Advance from reactive to proactive:

McAfee MVISION Cloud helps SecOps teams not only to visualize executed threats in the ATT&CK framework but also to gauge potential attacks that can be stopped across multiple Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) environments.

Break silos:

SecOps teams aim to add pre-filtered cloud security activities to their Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms via API, mapped to the same ATT&CK framework they use for device and network threat investigation.

Take direct action: 

McAfee MVISION Cloud now has the ability to take Cloud Security Posture Management (CSPM) to a new level, giving security managers cloud service configuration recommendations for SaaS, PaaS, and IaaS environments, which address specific ATT&CK adversary techniques.

With the implementation of ATT&CK into McAfee MVISION Cloud, there is no longer a need to manually sort and map incidents into frameworks such as ATT&CK or to learn and operate a separate cloud threats and vulnerabilities system, which can be tedious and time-consuming—particularly as cloud-native threats become more prevalent.

Security teams using MVISION Cloud can now map all of their threat incidents automatically to ATT&CK, allowing them to see all cloud attacks that have been fully executed, see attacks in progress and take action, and combine incidents, anomalies, threats and vulnerabilities into one holistic, familiar view.