
MITRE ATT&CK Coverage: Vectra AI provides over 90%

By
John Mancini
|
April 27, 2022

Vectra’s Coverage of MITRE ATT&CK v10 and MITRE D3FEND

Vectra provides coverage for over 90% of the relevant MITRE ATT&CK techniques.

The MITRE ATT&CK framework is a curated knowledge base of adversary tactics and techniques, built from real-world observations of what attackers do during an intrusion. It gives security teams a clear, consistent vocabulary for describing how attacks unfold, and a structure for discussing what detection coverage is needed to keep a business secure.

All Vectra detections across public cloud, SaaS, federated identity, and data center networks are mapped to MITRE ATT&CK to help security teams discuss and present the outcomes of investigations and understand how Vectra supports them in securing their business.

How Vectra Leverages MITRE ATT&CK

Vectra uses ATT&CK as one of several guides for deciding which threat detections to build. Vectra’s security researchers factor in updates to ATT&CK techniques and their use by active APT groups, alongside independent threat research on current attacker behaviors and observations made while investigating real-world attacks across our deployments. This threat research feeds directly into our security-led AI approach, which takes the identification of a threat behavior as the starting point for each new Vectra threat detection.

Beyond using ATT&CK to guide detection coverage, Vectra produces priority scores that are tied directly to the set of ATT&CK techniques an observed account or host has used. Vectra’s AI prioritization engine translates each detection into a set of ATT&CK techniques and estimates the likelihood of compromise from the total set of behaviors observed on that entity. As more techniques are observed that line up with an attacker’s progression through the kill chain, the priority score rises, so real attacks are clearly prioritized for immediate response.
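To make the idea concrete, here is a small model of that kind of prioritization: detections on a host or account are translated into ATT&CK technique IDs, the techniques are grouped by tactic, and the score grows with how many kill-chain stages have been touched and how far along the chain the furthest stage sits. This is an added, illustrative example and not Vectra’s engine; the detection names, the detection-to-technique mapping, the single-tactic-per-technique simplification and the scoring weights are all assumptions chosen for the illustration. The technique IDs themselves are real ATT&CK v10 IDs.

```python
"""Illustrative ATT&CK-based prioritization of hosts and accounts.

Added example, not Vectra's engine. Detection names, the mapping and the
weights are assumptions; technique IDs are real ATT&CK v10 IDs.
"""

# Hypothetical detection -> ATT&CK technique mapping (assumed for illustration;
# a real vendor publishes its mapping in a Navigator layer file).
DETECTION_TO_TECHNIQUES = {
    "suspicious_admin_login": ["T1078"],      # Valid Accounts
    "hidden_https_tunnel": ["T1071.001"],     # Application Layer Protocol: Web Protocols
    "internal_port_scan": ["T1046"],          # Network Service Scanning
    "smb_brute_force": ["T1110"],             # Brute Force
    "rpc_recon": ["T1087.002"],               # Account Discovery: Domain Account
    "data_smuggler": ["T1048"],               # Exfiltration Over Alternative Protocol
    "ransomware_file_activity": ["T1486"],    # Data Encrypted for Impact
}

# One "primary" tactic per technique. Real ATT&CK data lists several tactics
# for some techniques (T1078 sits under four); a single tactic is assumed here
# to keep the progression measure simple.
TECHNIQUE_TACTIC = {
    "T1078": "initial-access",
    "T1071.001": "command-and-control",
    "T1046": "discovery",
    "T1110": "credential-access",
    "T1087.002": "discovery",
    "T1048": "exfiltration",
    "T1486": "impact",
}

# Enterprise tactics in kill-chain order (ATT&CK v10; reconnaissance and
# resource-development omitted because they happen outside the victim network).
TACTIC_ORDER = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "collection", "command-and-control", "exfiltration", "impact",
]


def techniques_for(detections):
    """Translate an entity's detections into the set of ATT&CK techniques observed."""
    techniques = set()
    for detection in detections:
        techniques.update(DETECTION_TO_TECHNIQUES.get(detection, []))
    return techniques


def priority_score(detections):
    """Score 0-100 that grows with kill-chain breadth, depth and distinct techniques.

    breadth: number of distinct tactics touched
    depth:   position of the furthest tactic along the kill chain
    """
    techniques = techniques_for(detections)
    if not techniques:
        return 0
    tactics = {TECHNIQUE_TACTIC[t] for t in techniques}
    breadth = len(tactics)
    depth = max(TACTIC_ORDER.index(t) for t in tactics)
    score = 10 * breadth + 5 * depth + 3 * len(techniques)   # assumed weights
    return min(score, 100)


def rank_entities(observations):
    """observations: {entity: [detection, ...]} -> [(entity, score), ...], highest first."""
    ranked = [(entity, priority_score(dets)) for entity, dets in observations.items()]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


# Constructed sample: three hosts with different observed behaviour.
SAMPLE = {
    "ws-0142": ["suspicious_admin_login"],
    "srv-db-03": ["suspicious_admin_login", "hidden_https_tunnel",
                  "internal_port_scan", "rpc_recon", "data_smuggler"],
    "ws-0377": ["internal_port_scan", "smb_brute_force"],
}

if __name__ == "__main__":
    for entity, score in rank_entities(SAMPLE):
        techs = sorted(techniques_for(SAMPLE[entity]))
        print(f"{entity:10} score={score:3}  techniques={techs}")
```

The host that has progressed from initial access through discovery and command-and-control to exfiltration lands at the top, while a single suspicious login scores low on its own; a detection name the mapping does not know contributes nothing, so unmapped alerts neither inflate nor suppress a score.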

Vectra’s Supported MITRE D3FEND Countermeasures

Native Vectra functionality and supported integrations enable support for over 30 MITRE D3FEND countermeasures, and 12 Vectra patents are referenced as the foundations for the specified countermeasures. In fact, Vectra has more patents referenced in the D3FEND framework than any other security vendor.

MITRE D3FEND is a knowledge base of defensive techniques (countermeasures), each mapped to the ATT&CK techniques it addresses, which gives a way to express detection capabilities in terms of a level of MITRE ATT&CK coverage. While the D3FEND framework is new and still developing, it provides insight into the countermeasures used to address the mapped ATT&CK techniques. The D3FEND framework currently does not represent all the countermeasures deployed in the Vectra platform.

Explore Vectra’s MITRE Coverage for Yourself

Details of Vectra’s MITRE ATT&CK coverage can be explored using the native MITRE ATT&CK Navigator and the Vectra layer file found in our support portal.
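A practical check to run on any vendor layer file: load it, pull out the techniques it marks as covered, and recompute the coverage percentage against your own list of techniques that matter to your environment, since a headline figure depends entirely on which techniques sit in the denominator. The following is an added example, not Vectra code, and the layer JSON in it is constructed to show the Navigator layer format (the top-level `name`, `versions`, `domain`, `description` and `techniques` keys, each technique entry carrying `techniqueID`, `score`, `color` and `comment`); the technique IDs are real ATT&CK v10 IDs, but which ones are marked covered, the version strings and the `RELEVANT_TECHNIQUES` list are assumptions.

```python
"""Check an ATT&CK Navigator layer file against your own list of relevant techniques.

Added example, not Vectra code. The layer below is constructed; in practice
you would json.load() the file downloaded from the vendor's support portal.
"""
import json

# Constructed vendor layer (Navigator layer format keys; version strings assumed).
VENDOR_LAYER_JSON = json.dumps({
    "name": "Example vendor coverage",
    "versions": {"attack": "10", "navigator": "4.5", "layer": "4.3"},
    "domain": "enterprise-attack",
    "description": "constructed example layer",
    "techniques": [
        {"techniqueID": "T1078", "score": 1, "comment": "covered"},
        {"techniqueID": "T1071.001", "score": 1, "comment": "covered"},
        {"techniqueID": "T1046", "score": 1, "comment": "covered"},
        {"techniqueID": "T1110", "score": 1, "comment": "covered"},
        {"techniqueID": "T1087.002", "score": 1, "comment": "covered"},
        {"techniqueID": "T1048", "score": 1, "comment": "covered"},
        {"techniqueID": "T1486", "score": 1, "comment": "covered"},
        {"techniqueID": "T1021.001", "score": 1, "comment": "covered"},
        {"techniqueID": "T1566.001", "score": 0, "comment": "not covered: no mail visibility"},
    ],
})

# Techniques this organisation considers relevant (assumed; comes from your own threat model).
RELEVANT_TECHNIQUES = {
    "T1078", "T1071.001", "T1046", "T1110", "T1087.002",
    "T1048", "T1486", "T1021.001", "T1566.001", "T1059.001",
}


def layer_techniques(layer_json):
    """Every technique ID the layer mentions, covered or not."""
    return {t["techniqueID"] for t in json.loads(layer_json)["techniques"]}


def covered_techniques(layer_json):
    """Technique IDs the layer marks as covered; a score of 0 (or none) counts as a gap."""
    layer = json.loads(layer_json)
    return {t["techniqueID"] for t in layer["techniques"] if t.get("score", 0) > 0}


def coverage(covered, relevant):
    """Return (ratio, gaps) for the given denominator of relevant techniques."""
    relevant = set(relevant)
    if not relevant:
        return 0.0, set()
    gaps = relevant - set(covered)
    return (len(relevant) - len(gaps)) / len(relevant), gaps


def gap_layer(relevant, covered, attack_version="10"):
    """Build a Navigator layer dict that colours your relevant techniques by coverage."""
    return {
        "name": "coverage gaps",
        "versions": {"attack": attack_version, "navigator": "4.5", "layer": "4.3"},
        "domain": "enterprise-attack",
        "description": "relevant techniques: green = covered, red = gap",
        "techniques": [
            {
                "techniqueID": tid,
                "score": 1 if tid in covered else 0,
                "color": "#4caf50" if tid in covered else "#e53935",
                "comment": "covered" if tid in covered else "gap",
            }
            for tid in sorted(relevant)
        ],
    }


if __name__ == "__main__":
    covered = covered_techniques(VENDOR_LAYER_JSON)
    vendor_ratio, _ = coverage(covered, layer_techniques(VENDOR_LAYER_JSON))
    own_ratio, gaps = coverage(covered, RELEVANT_TECHNIQUES)
    print(f"against the vendor's own list: {vendor_ratio:.0%}")
    print(f"against our relevant list:     {own_ratio:.0%}, gaps: {sorted(gaps)}")
    with open("coverage-gaps.json", "w") as fh:
        json.dump(gap_layer(RELEVANT_TECHNIQUES, covered), fh, indent=2)
```

Run against this constructed layer, the same eight covered techniques come out at 89% when measured against the vendor's own nine entries but 80% against the ten techniques the organisation cares about, because one relevant technique (T1059.001) does not appear in the layer at all. The written `coverage-gaps.json` can be opened in the Navigator with "Open Existing Layer" to visualise the gaps.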

The MITRE D3FEND countermeasures enabled by Vectra can be explored in a modified version of the MITRE D3FEND matrix, freely accessible from our support portal.

You may also watch our webinar on How to Counter MITRE ATT&CK with MITRE D3FEND to learn more about these frameworks.

Contact us if you would like to learn more about how Vectra can improve your MITRE ATT&CK coverage and provide MITRE D3FEND countermeasures that allow you to see and stop threats to your hybrid and public cloud, data center, SaaS apps, and identity.