Mapping Vulnerabilities with the MITRE ATT&CK Framework 

We discuss how you can map CVE records with the MITRE ATT&CK framework.

About this talk

Threat actors are constantly evolving their tactics and techniques behind the scenes to target new flaws in the attack lifecycle and infiltrate company infrastructure. While most organizations are already performing vulnerability management based on the CVE registry by MITRE, few have considered the powerful correlations between CVEs and another of their useful resources – the MITRE ATT&CK® framework.

The MITRE ATT&CK® framework was set up to document adversarial tactics and techniques based on real work observations. Since its inception, the MITRE ATT&CK matrix has provided an evolving list of behaviors attackers employ when compromising networks. This detailed research helps businesses better identify security gaps and strengthen defensive measures by studying attacker behavior.

In this on-demand webinar we’ll discuss how you can map CVE records with the MITRE ATT&CK framework to enhance vulnerability management process and achieve better risk management

  • What is the MITRE ATT&CK framework and how it relates to vulnerability management
  • Understanding the different phases of the attack lifecycle in the MITRE ATT&CK matrix
  • Mapping CVEs with the ATT&CK techniques
  • Integrating MITRE ATT&CK framework to disrupt attack sequences and reduce risk

About The Author

Simon Roe Application Security Product Manager at Outpost24

Simon is a 20+ year veteran of the IT and IT Security industry, Having started his career as a developer before ‘Agile’ was even a concept, he then moved into an operational security role for a global manufacturing company before holding a number of technical presales and evangelist roles for a number of network and hardware security vendors. Now as a senior product manager for Outpost24, Simon brings his knowledge and experience to ensure customers are given the tools and solutions needed to run successful DevSecOps programmes.