Cybersecurity updates and news continue to fill my inbox. This one ties into the trend toward working together for the common good.
Next DLP (“Next”), a leader in data loss prevention and insider threat solutions, announced that its Reveal Platform is the first Insider Risk Management solution to automatically map detection events to MITRE Engenuity Center for Threat-Informed Defense’s (“Center”) expanded Insider Threat Knowledge Base (ITKB 2.0). The ITKB 2.0 is the first of its kind to offer an evidence-based, multi-organizational, and publicly available compendium of insider threat tactics, techniques, and procedures (TTPs). This endeavor was developed in partnership between MITRE, Next DLP, CrowdStrike, HCA Healthcare, JPMorgan Chase Bank, N.A., Lloyds Banking Group, Microsoft Corporation and Verizon Business.
Digital transformation and hybrid workforces have significantly increased the complexity and volume of insider threats organizations face. Legacy solutions often require extensive manual effort to correlate detection events with specific threat behaviors, resulting in delayed responses, potential security breaches, and data leaks. Reveal addresses this challenge head-on by automatically including MITRE’s Techniques, Tactics, and Procedures (TTPs) in its detections, incidents, and analyst case reports.
“The expansion and refinement of our data repository was made possible by new cases and insights from our dedicated data contributors,” said Suneel Sundar, Director R&D, of the Center. “We’re delighted that Next is leveraging our knowledge of adversary behaviors and capabilities to provide defenders with a better opportunity to detect malicious insiders.”
By incorporating MITRE’s TTPs, Reveal delivers a comprehensive narrative of the entire incident lifecycle, from initial reconnaissance and data collection to defense evasion and exfiltration. For the chronically overstretched security team—a persistent problem given the ongoing security talent shortage—this rich information view maximizes the efficiency of analyst resources, empowering security teams of all sizes to perform at heightened levels.
“With Reveal, and in partnership with MITRE CTID, we are setting a new standard for data protection and insider threat mitigation,” said John Stringer, Head of Product at Next DLP. “By automating the mapping of detections to MITRE’s Insider Threat TTPs, we enhance our clients’ security posture by demonstrating MITRE ATT&CK coverage and significantly reducing the time and resources required to identify, respond to and report on high-impact insider threat activity.”
The MITRE Engenuity Center for Threat-Informed Defense is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Composed of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. For more information, contact [email protected].