Recently, Safe Security announced its research affiliate sponsorship with MITRE Engenuity’s Center for Threat-Informed Defense (CTID). This partnership forges a way for global organizations to benefit from the Center’s state-of-the-art research and practice of defense and Safe’s expertise in AI-driven and proactive cyber risk management approach. The research collaboration will build on the MITRE ATT&CK® Framework, forming the foundation for a threat-informed defense approach to counter the latest techniques leveraged by today's most advanced threat actors.
We are proud to work with the Center to make meaningful and innovative contributions to the cybersecurity community. As like-minded research teams come together in the Center’s publicly available research and development (R&D) projects, we will be able to uphold our internal research to global standards – enabling current customers and the community at large to adopt a predictive posture, understand the likelihood of various cyber risk scenarios, and protect against cyberattacks.
The Significance of the Safe x MITRE Engenuity CTID Partnership
Current solutions in the market are often ill-equipped to respond to the evolving needs of modern businesses. Obsolete legacy systems and low-fidelity spreadsheets encourage a piecemeal approach to cyber risk management. This significantly increases the chances of critical risk exposure, with many businesses failing to establish a comprehensive view of their cyber risk posture. The lack of sufficient threat intel exacerbates gaps in the evaluation process, leaving businesses vulnerable to emerging threats.
The result? Despite best efforts, organizations struggle to manage and report cyber risk effectively. The market requires greater automation in overall cyber risk management and needs solutions based on sound data-science principles founded upon credible research.
The MITRE ATT&CK Framework has been a game-changer in the realm of security by introducing a shared language and classification system that unifies companies and security vendors in measuring and discussing cybersecurity. Its 14 tactics, 193 techniques, and 386 sub-techniques result in thousands of implementation procedures for each technique, making it a comprehensive risk management approach. However, to build an effective, scalable, and practical defense strategy around the Framework can be daunting.
Under the Center’s umbrella, disparate research can come together to create sustainable and scalable developments in cybersecurity. The Center has a track record for enabling frictionless cybersecurity research to drive positive, crowd-sourced, and peer-reviewed transformations. Safe is excited to be a part of this global community. By collaborating with fellow research partners, we will drive integrations, build robust internal R&D capabilities, and develop powerful yet scalable solutions to CRQM challenges.
Through this partnership, Safe and the Center will work together to enable organizations to build a predictive cybersecurity risk posture and protect against cyber attacks, using the Framework and:
- Quantify cyber risk, vulnerabilities, and exposures
- Gain real-time visibility to the enterprise-wide external and internal threat landscape.
- Prioritize the management of critical cybersecurity risk across the attack surface.
- Effectively communicate cyber risk to their Board and stakeholders.
How SAFE Predicts Cyberattacks Using the MITRE ATT&CK Framework
The MITRE ATT&CK Framework is the centerpiece of our Cyber Risk Quantification and Management solution. Our Cyber Risk Cloud of Clouds Platform – SAFE – leverages the Frameworks to enable CISOs to prioritize cyber risk management and successfully reduce business risk from cybersecurity gaps and exposures.
SAFE Maps Enterprise-wide Risk Using the MITRE ATT&CK Framework
To remove the guesswork from cybersecurity risk management, the SAFE platform:
- Automatically aggregates diverse signals from cyber initiatives deployed within an organization to determine the most critical risk based on the MITRE ATT&CK Framework.
- Equips organizations to manage new and emerging threats in bespoke cyber risk scenarios by mapping attacker type, threat actor behavior, and attack surface to the Framework’s Tactics, Techniques, and Procedures (TTP).
- Prioritizes security gaps across the enterprise attack surface and correlates them to the ATT&CK Techniques, mitigation, and detection requirements.
- Suggests prioritized remediation efforts to prevent breaches based on the severity of the vulnerabilities on the ATT&CK kill chain.
- Quantifies an enterprise's likelihood of being breached based on the detected vulnerabilities, exposures, and remediation strategies, including cyber insurance.
ATTACK Mapping on SAFE
“We are thrilled to have Safe Security on board as we strengthen our collective understanding of adversary behaviors and our ability to thwart cyber attacks.” Jonathan Baker, Co-Founder and Director of the Center for Threat-Informed Defense
Building a Safer Digital Future Together
Through this partnership, alongside cybersecurity thought leaders and top industry experts, Safe and my entire team look forward to contributing to the advancement and improvement of cyber defense. With CTID’s global platform, we will be able to advise corporations, governments, and regulatory authorities on how to effectively articulate and manage cyber risk and support international community engagement efforts in the adoption of CRQM. This propels us closer to achieving our vision of becoming the de-facto industry standard to measure, manage, and mitigate cyber risk.