CNS_Replies_7
School
California State University, Fullerton
Course
1964
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
3
Uploaded by marttiatoo
Reply:
If you're curious about the inner workings of the company you're trying to hack, you can
search MITRE ATT&CK to learn more. Dig deeper into the site's content. All of an
organization's known TTPs will be displayed on this page. TTPs describe how an
organization plans to protect itself from cyberattacks. MITRE produced the ATT&CK
Architecture in 2013 to help businesses better protect themselves against cyberattacks. It's a
powerful tactic for acquiring as much land as possible. The ATT&CK architecture is built
from open-source materials like cyberattack research, threat intelligence, and protective
measures. In addition, it explains what companies may do to stay safe, a thorough evaluation
of potential threats, and strategies for detecting them. MITRE can monitor the presence and
actions of adversarial groups, identify their leaders and assign them a guilt rating. The
program facilitates the availability of these features. The relevant information is available on
the organization's assault page.
Reply:
IT managers need to be aware of the group's strategies and be able to counter them if they
want to ensure the security of their company's systems. The team's methods are explained
under the MITRE ATT&CK menu item. Threats such as zero-day exploits, APTs, spear
phishing, and social engineering are always possible. Firewalls, intrusion detection systems,
and frequent vulnerability assessments are just a few tools IT managers can use to protect
their networks against intrusion. A well-informed and well-equipped workforce is the best
barrier against spear phishing and other forms of social engineering. Updating your software
and installing security patches is another way to stave off zero-day attacks. Managers in the
technology sector need to be flexible and forward-thinking. Unit 26165 of the Russian
military maintains constant communication with APT28. The GU/GRU's Main Directorate
includes this section. This function is supported by the U.S. Department of Justice indictment
from 2018. Significant evidence linking APT28 to Russian military or civilian intelligence
services was uncovered in 2016 by U.S. law enforcement officials. During a 2018 evaluation
of the security landscape, the Estonian Intelligence Service revealed the methods threat
groups use to safeguard their digital assets.
Reply:
Businesses can use ATT&CK to research competitors, check their networks for weaknesses,
and organize a defense. The main difference between the two approaches is who they're
aimed at. There's a chance your enemy is hatching a plan right now. Each "tactics" game has
a wide variety of strategies. Your opponent's goal may become apparent as you learn about
their skill level, resources, and willingness to take risks. MITRE has started using the cloud
for business purposes. New strategies, techniques, and procedures are added to the ATT&CK
Enterprise matrix. The MITRE ATT&CK Cloud matrix was created because attacks against
cloud services differ from those against desktop OSes like Windows, macOS, and Linux.
Managers in the IT field have a few options at their disposal for lowering potential dangers.
Without email filtering, businesses are easy prey for spear phishing attacks. Don't open
suspicious files or visit suspicious websites at work, as doing so could compromise your
password. Warning employees against forming dubious ties is a good idea. Multi-factor
authentication helps stop privilege abuse in internal networks.