
How to Use MITRE ATT&CK® for Deception Missions

The MITRE ATT&CK® Framework was developed with a single purpose in mind: to better detect post-compromise adversary behavior.

Detection assumes that attackers have already compromised assets inside the organization and have then been "caught" (found out). The goal of a deception solution is to detect adversaries BEFORE damage is caused to the organization. With a deception tool, we can analyze the techniques used in real attacks, which gives security teams important insight into the activities of their adversaries.

The image below demonstrates how Fidelis Deception maps to and correlates with the MITRE ATT&CK framework. It shows how deception covers the kill chain by detecting specific techniques from the matrix. Note that the goal is not to explain the ATT&CK framework itself, but rather to show how Fidelis Deception covers and matches the framework's techniques.

How Does Fidelis Deception Work?

The Fidelis Deception Module (FDM) allows organizations to quickly and accurately detect breaches, engage attackers and neutralize advanced cyber threats. By offering a unique combination of adaptive intelligent deception, terrain analysis and security visibility, FDM cuts time-to-resolution from weeks and months to hours and minutes.

Fidelis Deception Module empowers IT security professionals to go on the offensive against sophisticated network threats. The platform learns complex network topologies and resources by sniffing and analyzing internal and egress traffic. It leverages these deep network insights to intelligently build and distribute a deception layer consisting of emulated and real-OS decoys, applications, breadcrumbs and Active Directory objects that lure attackers and expose their activity.

Fidelis Deception Module enhances organizational threat intelligence and security visibility. With asset-profiling and classification capabilities that map every asset and subnet in the network, FDM offers defenders a clear view of potential threats and builds comprehensive deception and detection layers for each individual network. Integrating with third-party security tools, FDM enriches SIEM/SOC systems. FDM actively adapts to dynamic network conditions by constantly monitoring network traffic, including new assets and IoT devices, so the deception layer stays optimized. Moreover, visibility into all communication channels allows Fidelis Deception Module to expose risky applications and network servers in use.

The result is a deception platform that is accurate, triggering actionable incidents with no false positives.

About Author

Doron Kolton

Doron has held executive and management roles in cyber security and software development for over 25 years. He now serves as the CTO for Deception at Fidelis Security. Doron founded TopSpin Security in 2013, building an enhanced architecture that provides accurate detection with minimal overhead; he was the CEO of TopSpin Security until the company was acquired by Fidelis Security. Previously he served as Vice President of Products and Engineering at Breach Security (acquired by Trustwave), defining and developing an advanced Web Application Firewall. Before that he held several roles at Motorola Semiconductor Israel, including leading the company's software development.
