EclecticIQ announced the integration with MITRE’s ATT&CK (adversarial tactics, techniques, and common knowledge) Framework. The integration allows insights into tactics, techniques and procedures (TTP) of adversaries.
As adversaries get more skilled, the demand for threat intelligence increases. The analysts at EclecticIQ Fusion Center produce threat intelligence based on various open, community and commercial sources, both as pre-defined products as well as customer-specific offerings.
Having ingested the ATT&CK matrix into EclecticIQ Platform, the analyst-centric Threat Intelligence Platform, attack patterns used in separate attacks can now be pinpointed.
The integration with MITRE’s ATT&CK framework creates equivalent STIX entities in EclecticIQ Platform. These entities are used as the ontology to identify activities of actors and capabilities so that overlaps can be identified.
“Use of common ontologies supports cross-knowledgebase understanding by having an archive of common denominators that all analysts share and allow us to identify patterns and trends across datasets much quicker,” said Chris O’Brien, Director Intelligence Operations at EclecticIQ.
“By utilizing ATT&CK, analysts can gain insights on the tell-tale components behind malicious campaigns and track malware capabilities evolving over time.”
“MITRE’s freely-available ATT&CK framework serves as a common language to describe adversary behavior,” said Richard Struse, Chief Strategist for Cyber Threat Intelligence at MITRE. He continued, “the use of ATT&CK by security vendors is an important step towards a future of collaborative threat-informed defense.”