New Blog Post | The evolution of a matrix: How ATT&CK for Containers was built

Microsoft

The evolution of a matrix: How ATT&CK for Containers was built | Microsoft Security Blog

Given clear community interest, inspiration from Microsoft’s work on the threat matrix for Kubernetes, and the publication of research from other teams, the Center for Threat-Informed Defense launched an investigation (sponsored by several Center members including Microsoft) that examined the viability of adding containers content to ATT&CK. The purpose of the Container Techniques project was to investigate adversarial behavior in containerization technologies and determine whether there was enough open-source intelligence to warrant the creation of an ATT&CK for Containers matrix, resulting in either new ATT&CK content or a report on the state of in-the-wild Container-based tactics, techniques, and procedures (TTPs). The Center’s research team quickly concluded that there was more than enough open-source intelligence to justify technique development, ultimately resulting in the new matrix.
