MITRE ATT&CK Matrix in VMDR Prioritization
Consider a scenario where a threat actor wants to install malware to infect workstations on the network. Initially, the threat actor uses the Initial Access Tactic to gain network access. The Initial Access Tactic consists of 10 Techniques, any of which the attacker can use to gain network access. Once the attacker has access, they can use the Lateral Movement Tactic to infect other systems in the network. The Lateral Movement Tactic consists of 9 Techniques. To identify, evaluate, and remediate such attacks, the MITRE ATT&CK Matrix in the Prioritization tab helps you enhance the robustness of your organization's products and services.
Perform the following steps in the VMDR Prioritization tab to get in-depth information about the MITRE ATT&CK Matrix for your Qualys Cloud Platform:
- Click MITRE ATT&CK Matrix.
- Select critical asset tags to prioritize your MITRE ATT&CK Matrix scope.
- Based on the asset tags selected, the MITRE ATT&CK Matrix page gives an interactive representation of the ATT&CK Tactics and Techniques.
- Hover over any Tactic Name to see the vulnerabilities and misconfigurations on assets. Each Technique name is listed along with its Risk Findings.
To explain the MITRE ATT&CK Matrix in detail, the screenshots use the Initial Access Tactic and its Techniques as an example.
- Click any Tactic Name. The Tactic lists its techniques along with their Risk Findings. The following screenshot is an example when the Initial Access Tactic is selected:
To get more details about the technique with the highest Risk Findings, click its Technique Name. In this example, Exploit Public-Facing Applications has the highest number of Vulnerabilities and Assets. When you click a Technique Name, the complete information for that technique is displayed.
The following describes each widget on the Technique page:
- TruRisk: The TruRisk widget for the Technique Name shows the average score of all the assets under the selected tags.
- Top Critical Assets: The Top Critical Assets widget lists the hostnames under the selected tags, their TruRisk Score, and the assets' QIDs, tactics, and techniques.
- Internet Exposed Asset Findings: Internet-facing assets are the most vulnerable assets. Using the system-defined Internet Facing Assets tag, the Internet Exposed Asset Findings widget lists the vulnerable hostnames, which expedites addressing the vulnerabilities and securing your sensitive internal information.
- Internet Exposed Assets with RDP open ports: Threat actors can use open ports for backdoor entry or system identification. The Internet Exposed Assets with RDP open ports widget displays ports with vulnerabilities, open database ports, and open risky ports.
- Vulnerability Findings: Click any of the QIDs listed in the Vulnerability Findings widget to get the General Information for the vulnerability, such as its Identification, CVSS Summary, Vulnerability Analysis, Exploitability, Patches, and Malware.
- Configuration Findings: The Configuration Findings widget lists the controls that are incorrectly configured.
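As an added illustration (not Qualys's own implementation), the following Python models how findings scoped by asset tag roll up into the per-technique Risk Findings, the TruRisk average, and the RDP exposure list described above. The hosts, scores, QID/CID values and the ATT&CK mapping are constructed sample data.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample data (not Qualys data): one record per host and one row
# per risk finding; the ATT&CK tactic/technique mapping is illustrative only.
ASSETS = {
    "web01":  {"tags": {"Critical", "Internet Facing Assets"}, "trurisk": 850, "ports": {443, 3389}},
    "web02":  {"tags": {"Critical", "Internet Facing Assets"}, "trurisk": 720, "ports": {443}},
    "db01":   {"tags": {"Critical"},                           "trurisk": 610, "ports": {1433, 3389}},
    "kiosk1": {"tags": {"Lab"},                                "trurisk": 300, "ports": {3389}},
}
# (host, finding id, kind, tactic, technique); QID = vulnerability, CID = control
FINDINGS = [
    ("web01",  "QID-A", "vuln",   "Initial Access",   "Exploit Public-Facing Application"),
    ("web02",  "QID-A", "vuln",   "Initial Access",   "Exploit Public-Facing Application"),
    ("web02",  "QID-B", "vuln",   "Initial Access",   "Exploit Public-Facing Application"),
    ("web01",  "CID-1", "config", "Initial Access",   "Valid Accounts"),
    ("db01",   "QID-C", "vuln",   "Lateral Movement", "Remote Services"),
    ("kiosk1", "QID-C", "vuln",   "Lateral Movement", "Remote Services"),
]

def in_scope(tags):
    """Hosts carrying at least one of the selected asset tags."""
    return {h for h, a in ASSETS.items() if a["tags"] & tags}

def risk_findings(tags):
    """Per tactic and technique: vulnerability count, misconfiguration count, distinct assets."""
    scope = in_scope(tags)
    matrix = defaultdict(lambda: defaultdict(lambda: {"vulns": 0, "configs": 0, "assets": set()}))
    for host, _fid, kind, tactic, technique in FINDINGS:
        if host not in scope:
            continue
        cell = matrix[tactic][technique]
        cell["vulns" if kind == "vuln" else "configs"] += 1
        cell["assets"].add(host)
    return matrix

def top_technique(tags, tactic):
    """Technique with the most findings under a tactic: the one to click first."""
    techs = risk_findings(tags).get(tactic, {})
    return max(techs, default=None,
               key=lambda t: (techs[t]["vulns"] + techs[t]["configs"], len(techs[t]["assets"])))

def average_trurisk(tags):
    """Average TruRisk score of the in-scope assets (the TruRisk widget)."""
    return mean(ASSETS[h]["trurisk"] for h in in_scope(tags))

def internet_exposed_rdp(tags):
    """In-scope hosts tagged Internet Facing Assets with TCP 3389 (RDP) open."""
    return sorted(h for h in in_scope(tags)
                  if "Internet Facing Assets" in ASSETS[h]["tags"] and 3389 in ASSETS[h]["ports"])
```

Note that db01 also exposes 3389 but is not listed, because the widget only considers assets carrying the Internet Facing Assets tag.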
Thus, with the help of the various widgets in the MITRE ATT&CK Matrix in the Prioritization tab, you can continuously reevaluate your security configurations and secure your network.