Tripwire Inc. announced enhanced capabilities for preventing and detecting cybercrime. With a new set of advanced cybercrime controls that leverage MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, Tripwire Enterprise now offers hundreds of new tests for hardening against and detecting activities associated with cybercrime behavior.
MITRE’s ATT&CK is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s life cycle and the platforms they are known to target. By breaking down an attack into ten different tactic categories – each with its own set of techniques – ATT&CK is able to map out each attack chain. Tripwire Enterprise, the company’s flagship secure configuration management suite, has been enhanced to identify the techniques, tactics and procedures (TTPs) outlined in MITRE’s ATT&CK model.
“By building upon our own breach detection rules, with hundreds of new tests that we developed based on the MITRE ATT&CK framework, we’ve boosted Tripwire Enterprise’s ability to detect and protect against behaviors associated with cybercrime,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Organizations can build better preventative measures and be in position to identify a breach sooner by focusing on the behaviors of cyberattackers, instead of just on the specific tools or malware they use.”
When Tripwire Enterprise detects a change associated with cybercrime, it helps incident responders act more swiftly by providing details not only of what changed, but also of what the value should be and why a cyberattacker would have made that change. In addition, Tripwire Enterprise automatically collects key attack data, reducing the need to manually collect it across disparate endpoints.
“Tripwire maintains the most comprehensive library of security and compliance coverage,” Erlin added. “We’re constantly enhancing our solutions with new content like this latest set of advanced cybercrime controls so that our customers can take advantage of the broadest set of policies, frameworks and best practices in an effort to maintain strong foundational security controls, from hardening to detection.”
The new advanced cybercrime controls are now available for Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 systems. Support for additional operating systems will be released soon.