MITRE strategy 10 says measure performance to improve performance. It’s important to set a baseline of where resources spend their time and energy — and what results they achieve. Resolution Intelligence Cloud can help with this by providing visibility — the complete operational picture across security and operations — and the ability to prioritize incidents based on risk to the business (identifying and separating the mundane from the urgent).
With that baseline established, organizations can improve SOC and IT interoperability and functionality. Hello, strategy 11.
MITRE Strategy 11: Turn up the volume by expanding SOC functionality
CHALLENGE: Cyber adversaries are continually evolving, and technology changes rapidly. SOCs need to keep pace.
MITRE suggests that once an incident response is mature, SOCs should enhance their programs with threat hunting, red teaming, deception, malware analysis, forensics, and tabletop exercises. Any of these can improve the likelihood of finding sophisticated adversaries.
We would add that there are already other, more advanced technologies to consider because they provide:
More data in real-time, over time, avoiding the risk of filtering out signals that turn out to be important when combined with other signals
More analytics and machine learning to identify patterns from disparate data sources over time, beyond what detection rules may miss
More automation to relieve alert fatigue and up-level analyst skill sets
More effectiveness, enabling analysts to move beyond a reactive, whack-a-mole approach to closing tickets and instead focus on proactively avoiding vulnerabilities, predicting potential threats, and identifying where to focus first to minimize damage when incidents occur.
Resolution Intelligence Cloud does all of the above today.
Using first-source and third-party curated threat intelligence, the platform crawls the web and weaves together indicators of compromise (IoCs) associated with new threats. If it detects a high rate of similar IoCs, it searches for real-time and historical context to determine if there’s been a breach. Note that it’s important to be able to store data for an extended period. As per the IBM/Ponemon Institute “Cost of a Data Breach Report 2022,” it takes an average of 277 days to detect and contain a breach. By taking this proactive step, SOCs can start to get ahead of threats, mitigating malicious compromises before they can cause damage.
And getting ahead is really what strategy 11 is all about. To beat the bad guys, you need to innovate, go beyond traditional constructs, and rethink how to run both security and IT operations.
Resolution Intelligence Cloud makes noise by lessening noise
In 2016, I wrote a book titled Threat Forecasting: Leveraging Big Data for Predictive Analysis. At that time, the technology that would enable predictive analysis for threat forecasting was just emerging. Now it’s here, ready, and it’s why I joined Netenrich to lead product management for Resolution Intelligence Cloud.
Throughout this MITRE blog series, I’ve discussed how Resolution Intelligence Cloud is not just another technology platform, but a new way to run security and IT operations at scale and speed. Purpose-built to enable operational resilience, it improves threat detection and response, availability and performance, and wins for both IT ops and security teams.
In short, Resolution Intelligence Cloud is a strategy in and of itself that helps SOCs implement and amp nearly all of MITRE’s recommendations and ultimately, transform and optimize both security and IT operations to deliver better business results.