Risk360

Analyzing Risk with MITRE ATT&CK

MITRE ATT&CK is a US-government-funded cybersecurity framework used to detect, identify, and classify the tactics, techniques, and procedures (TTPs) that attackers use in cyber attacks. It helps you assess your organization's security posture and calculate the risk of a cyber attack.

The MITRE ATT&CK framework adopts the attacker's point of view as they move through your organization's network. This highlights the attacker's journey from the initial point of access to potential data exfiltration and other harmful actions. Integrating the MITRE ATT&CK framework with Risk360 gives you in-depth knowledge of attacker behavior and helps you find weak points, vulnerabilities, and misconfigurations within your organization's network, which in turn helps you reduce your attack surface and the opportunities for lateral movement during an attack. The framework is widely implemented and trusted across the industry, serves as a common language for threat reporting, and, most importantly, lets you view your organization's risk from a deeper and widely recognized perspective.

To learn more, refer to the MITRE ATT&CK website.

Analyzing the MITRE Framework

The MITRE ATT&CK page (Frameworks > MITRE ATT&CK) shows the MITRE ATT&CK framework with all of its TTPs, maps these TTPs to your current Zscaler protections, and provides a holistic as well as in-depth analysis of the attack techniques that Zscaler protects you against. The page also shows any policy misconfigurations that prevent you from covering an attack technique; reconfiguring these policies strengthens your security stance.

Each TTP tile shows the name of the technique and the technique ID. When you click on a tile, it opens all the sub-techniques under the technique. The TTP tiles highlighted in blue indicate that they are covered by Zscaler protection, and the green or red color at the right side of these tiles indicates whether the protection is configured correctly or not.

Overview

The Legend section provides the following overview:

  • The donut chart shows the split between the number of techniques covered by Zscaler and those that are not. The center of the donut chart shows the total percentage of techniques covered.
  • Configurations: This section shows the number of configurations or policies that are misconfigured and configured correctly for your organization.
  • You can show or hide this section by using the arrow at the top right of this section.
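To make the Legend figures concrete, the following is an added example (not Risk360 code) that models a few ATT&CK techniques with a constructed mapping to protective controls and derives the same two summaries the Legend shows: the coverage percentage in the donut chart and the configured/misconfigured counts. The technique IDs are real ATT&CK identifiers, but the control names, the coverage and configuration flags, and the roll-up rule (a technique is covered when any sub-technique is, and its tile is green only when every covered sub-technique is configured correctly) are assumptions, not the Risk360 scoring logic.

```python
from dataclasses import dataclass, field


@dataclass
class SubTechnique:
    ttp_id: str
    covered: bool            # protected by a control (blue tile) or not
    configured: bool = True  # policy configured correctly (green) or not (red)
    control: str = ""        # feature responsible for protection (hypothetical names)


@dataclass
class Technique:
    ttp_id: str
    subs: list = field(default_factory=list)

    @property
    def covered(self) -> bool:
        # Assumption: a technique counts as covered if any sub-technique is covered.
        return any(s.covered for s in self.subs)

    @property
    def configured(self) -> bool:
        # Assumption: green only when every covered sub-technique is configured correctly.
        return self.covered and all(s.configured for s in self.subs if s.covered)


# Constructed sample matrix: real ATT&CK IDs, hypothetical control mapping.
MATRIX = [
    Technique("T1566", [  # Phishing
        SubTechnique("T1566.001", True, True, "Sandbox"),
        SubTechnique("T1566.002", True, False, "URL Filtering"),
    ]),
    Technique("T1071", [  # Application Layer Protocol
        SubTechnique("T1071.001", True, True, "SSL Inspection"),
    ]),
    Technique("T1048", [  # Exfiltration Over Alternative Protocol
        SubTechnique("T1048.003", False),
    ]),
]


def coverage_percent(matrix):
    """Share of techniques with at least one covered sub-technique (donut center)."""
    covered = sum(1 for t in matrix if t.covered)
    return round(100 * covered / len(matrix), 1)


def configuration_counts(matrix):
    """(configured correctly, misconfigured) over all covered sub-techniques."""
    subs = [s for t in matrix for s in t.subs if s.covered]
    ok = sum(1 for s in subs if s.configured)
    return ok, len(subs) - ok


def tile_state(t):
    """Tile state as the page describes it: blue when covered, green or red edge for configuration."""
    if not t.covered:
        return "uncovered"
    return "blue/green" if t.configured else "blue/red"
```

Run over the constructed matrix, the example reports two of three techniques covered (66.7%), two covered sub-techniques configured correctly and one misconfigured, so the Phishing tile would show a red edge until the URL Filtering policy is corrected.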

Drawer View

Click on a technique or sub-technique to view the following information in a drawer view on the right side of the page.

For a technique:

  • The name of the technique, its ID, and the state of its sub-techniques: whether they are covered by Zscaler protection or not.
  • Details: A link that redirects you to the MITRE website where the technique is explained in detail.
  • MITRE Description: A description of the technique.
  • MITRE Category: The level of coverage provided for the attack technique (i.e., Detect, Prevent, or Remediate), meaning whether the technique is detectable, preventable, or remediable by the Zscaler service.
  • MITRE Value: The severity that the attack technique carries for risk computation (i.e., Minimal, Partial, Significant, or Substantial).
  • Zscaler Comment: A note on how Zscaler can help mitigate the risk from this attack technique by using one of Zscaler's progressive protection portfolios.
  • TTP to Zscaler Product Mapping: Maps the attack technique to the Zscaler feature responsible for protecting against it and the Risk360 category that the TTP falls under.
  • TTP to Risk360 Factor Mapping: Maps all of the attack sub-techniques to the Risk360 Factors and shows the status of each sub-technique.
  • Notes: Any notes that you added for the technique.

For a sub-technique:

  • The name of the technique, its ID, and the state of the sub-technique: whether it is covered by Zscaler protection or not.
  • Details: A link that redirects you to the MITRE website where the technique is explained in detail.
  • MITRE Description: A description of the technique.
  • MITRE Category: The level of coverage provided for the attack technique (i.e., Detect, Prevent, or Remediate), meaning whether the technique is detectable, preventable, or remediable by the Zscaler service.
  • MITRE Value: The severity that the attack technique carries for risk computation (i.e., Minimal, Partial, Significant, or Substantial).
  • Zscaler Comment: A note on how Zscaler can help mitigate the risk from this attack technique by using one of Zscaler's progressive protection portfolios.
  • Sub-Technique to Zscaler Product Mapping: Maps the attack sub-technique to the Zscaler feature responsible for protecting against it, the Risk360 category that the sub-technique falls under, and whether the configuration for the attack sub-technique is correct or not.
  • Notes: Any notes that you added for the technique.

Hover-Over View

Hover over a technique or sub-technique tile to view the following information:

  • Whether the protections against this attack technique are misconfigured or configured correctly, and whether Zscaler protects your organization against this attack technique.
  • Zscaler Control: The Zscaler feature that is responsible for helping protect against this attack technique.
  • Related Risk360 Factors: The Risk360 Factors that are related to the attack.
  • Licensed?: Whether or not you are subscribed to the Zscaler feature that protects against these attacks.
  • Notes: Any notes that you added for the technique.