Overview
Establishing Robust Defense Against a Wide Range of Mainstream Attacks
The global manufacturing company is a target for cyber criminals looking to gain access to personal, financial, operational, and intellectual property that could be exploited on the black market. Being a perpetual, highly visible target for online criminals means continually refining its security posture to keep cyber assets and critical data protected.
- 800 individual objects created over eight-week period
- 60 use cases developed by the Mandiant Cyber Defense operation for SIEM
- 40+ MITRE techniques exposed and refined to improve overall efficacy
Challenge
Continually Refining Security Posture and Identifying Vulnerabilities
This global manufacturing company is a long-time user of the MITRE ATT&CK framework to validate its security architecture and support the development of specific threat models and methodologies. The company wanted assistance identifying and addressing any potentially obscured or nuanced vulnerabilities in its defenses.
The manufacturer needs to continually refine its security posture to ensure its cyber assets and critical data always remain protected. And, as a rich target for cyber criminals, the organization attaches significant strategic importance to cyber security to enable it to attract and retain top-tier talent and expertise from across the security industry.
Solution
Mandiant Elevates Detection, Response, and Fortification in Three Phases
The company engaged the Mandiant Cyber Defense Operations team to develop use cases to be deployed in the SIEM to elevate detection, response capabilities, and fortify the attack surface in three phases:
- Creating a tailored threat profile based on Mandiant’s Threat Intelligence by assessing the network’s topology, existing use cases, and visibility across the infrastructure. The findings were filtered and combined with a comprehensive analysis of the company’s existing MITRE ATT&CK coverage and overlaid with Mandiant Threat Intelligence heat maps.
- The Mandiant consultants focused on the creation of use cases aligned to address gaps. Each use case included detection criteria to identify newly profiled compromise attempts.
- Detection logic pseudocode was submitted to the company’s SIEM, then each use case was tested for effectiveness. Preconfigured templates ensured use cases followed the same coding methodology, taxonomy, and aligned to address specific threats.
Results
Eight-week Engagement Leads to Annual Agreement and Ongoing Enhancements
Each use case was mapped to individual elements of the MITRE ATT&CK framework. Integrating this detection logic gave the company the ability to quantify measurable enhancements to their detection and remediation capabilities.
The Mandiant Cyber Defense Operation engagement lasted approximately eight weeks and resulted in the creation of 60 new use cases comprised of almost 800 individual detection objects. This addressed over 40 MITRE techniques previously uncovered prior to the project’s launch, a solid double digit percentage uplift in the number of enterprise techniques deployed at the company. In addition to the newly implemented use cases, the detection capabilities of more than a dozen existing MITRE techniques were further enhanced using information directly sourced from the engagement.
Due to the positive impact of the engagement, the company signed an annual agreement to work with Mandiant to further accelerate use case development and ensure ongoing enhancements.
More About Company
Global Fortune 500 manufacturing corporation fortifies itself
The company is a high-profile multinational engineering and manufacturing corporation. It is also a market leader in many of the business sectors it operates in. As a member of the Global Fortune 500, the company can be a frequent target for cyber criminals. Its goal was to establish a robust defense against a wide range of mainstream attacks.