whitepaper

RevealX™ and the MITRE ATT&CK® Framework

How RevealX Differentiators Fuel Breadth and Depth of MITRE ATT&CK Coverage


Network Detection & Response for MITRE ATT&CK

What do you do when faced with a cereal aisle of threat detection tools? You turn to frameworks like MITRE ATT&CK in order to evaluate possible solutions against a real-world array of adversary tactics, techniques, and procedures (TTPs).

The MITRE ATT&CK knowledge base includes TTPs in use by attackers across a wide range of sophistication, from the high school troll to advanced persistent threat groups operating on a global scale. By checking a potential detection tool against which TTPs it's able to spot, you'll be better able to understand how that tool will perform in the wild.

The MITRE ATT&CK Matrix for Enterprise divides TTPs into eleven categories, from Initial Access all the way up to Command & Control. What you'll quickly note is that many of the scarier attacks out there are subtle and multi-stage, appearing almost solely as unusual traffic patterns within an enterprise network.

Detecting these attacks is like tracing a crocodile in the water—sometimes you might catch a series of ripples, and if you're lucky you can connect those ripples to a glimpse of eyes above the surface, but the most telling signs of the attack about to come are the underwater currents you can't see. That's where network detection and response (NDR) solutions come in.

NDR tools analyze east-west (internal) network traffic in real time, with advanced behavioral analytics that help SOC analysts put together a more complete picture of what's going on within their networks. Enterprise NDR tools like ExtraHop RevealX bring an even richer set of capabilities to the table, such as:

  • Instant access to application transaction contents at Layer 7, enabling rapid detection and investigation of threats hidden in legitimate traffic
  • Machine learning-driven behavioral analysis that catches unknowns that rules-based detection tools miss
  • Real-time decryption capabilities, including for Perfect Forward Secrecy (PFS)
  • Out-of-band, passive processing of network traffic at up to 100 Gbps, while most vendors top out at 40 Gbps

This whitepaper provides a comprehensive list of the 106 MITRE ATT&CK techniques that the ExtraHop RevealX network detection and response platform is capable of detecting out of the box (no integrations required).

Additionally, learn what differentiates RevealX from competing cybersecurity solutions and allows the platform to provide breadth and depth of coverage against the MITRE ATT&CK Matrix for Enterprise.

Explore the specific RevealX detectors and detections that drive our MITRE ATT&CK coverage by downloading today.
