I have since become a permy member of staff and am promoting Eramba where I'm working now, as it could save our bacon. I thought I'd run this idea past you, as Eramba can do about 95% of what I'm looking for, and I'm looking at cobbling together the last 5% with SharePoint Lists and Excel.
Problem: We are using the MITRE ATT&CK Framework to prioritise our SIEM detections and then use them either to rationalise our security technology stack or to purchase new technology. I would like to know, for my security technology, what its potential coverage vs. actual coverage of the framework is, and then add a lens of whether that TTP is prevented or detected.
The security technology should map to Internal Controls, Risks, Third Parties, and MITRE TTPs, both Potential and Actual. I think this is then different to Assets. Happy to be corrected.
Below are a couple of links for background info. If this is something you'd be interested in, I'm happy to jump onto a call to chat it through some more.
I was looking at Compliance packages. That's why I said it would do about 95% of what I'm looking for, but it's also the mapping of Potential and Actual coverage for security products against the ATT&CK Framework. Similarly, if you take NIST as an example, NIST controls map to ATT&CK TTPs or threats.
Underlying all of that, you then have security products that are designed to detect or prevent TTPs. Similar to, say, ISO 27001, you will only select controls based on your risk appetite and identified risks. The same goes for TTPs: if the threat is not appropriate for your environment, you will not put in a countermeasure. This is the bit I'm struggling with just now. If I have a security product database, I would like to know what TTPs are configured for detection/prevention. On the flip side, if a new threat is identified and linked to a TTP, I would like to be able to review my catalogue of security products to see if the tool has the potential to cover said threat, or whether I need to go to market for a new technology to cover the identified threat.
Just to add, TTPs are updated every 6 months by MITRE ATT&CK.
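One way to model the two questions in this post (which TTPs each product actually detects or prevents vs. could, and which products could cover a newly identified TTP), as an added example that is not part of the original post or of Eramba's own functionality. Product names and the product-to-technique mappings are constructed; the technique IDs are real ATT&CK IDs used only as labels, not as an assessment of any product.

```python
from dataclasses import dataclass

@dataclass
class Product:
    """A security product with its potential and actual ATT&CK coverage.
    Both maps are technique_id -> set of modes ('detect', 'prevent')."""
    name: str
    potential: dict   # what the tool could cover if fully configured
    actual: dict      # what is actually configured and working today

# Constructed sample catalogue (illustrative names and mappings only).
CATALOGUE = [
    Product("EDR", potential={"T1059": {"detect", "prevent"}, "T1055": {"detect"}},
            actual={"T1059": {"detect"}}),
    Product("Mail gateway", potential={"T1566": {"detect", "prevent"}},
            actual={"T1566": {"prevent"}}),
    Product("Proxy", potential={"T1071": {"detect", "prevent"}}, actual={}),
]

def coverage_gap(catalogue):
    """Potential minus actual, per product and technique: techniques a tool could
    cover but is not configured for, or modes (e.g. 'prevent') left unused."""
    gaps = {}
    for p in catalogue:
        for tid, modes in p.potential.items():
            missing = modes - p.actual.get(tid, set())
            if missing:
                gaps.setdefault(p.name, {})[tid] = missing
    return gaps

def products_for_technique(catalogue, technique_id):
    """Reverse question: for a new threat mapped to a technique, which tools
    already cover it, which could with configuration, and whether none can
    (i.e. you would have to go to market)."""
    result = {"actual": [], "potential_only": []}
    for p in catalogue:
        if technique_id in p.actual:
            result["actual"].append((p.name, sorted(p.actual[technique_id])))
        elif technique_id in p.potential:
            result["potential_only"].append((p.name, sorted(p.potential[technique_id])))
    result["go_to_market"] = not (result["actual"] or result["potential_only"])
    return result

if __name__ == "__main__":
    print(coverage_gap(CATALOGUE))
    print(products_for_technique(CATALOGUE, "T1071"))   # configurable, not configured
    print(products_for_technique(CATALOGUE, "T1078"))   # nothing in the catalogue
```

Re-running `coverage_gap` after each ATT&CK release (new or changed technique IDs in the `potential` maps) gives the updated gap list without re-assessing every product by hand.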