Leveraging MITRE ATT&CK to Secure the Cloud

Cloud security is a complex landscape to navigate. That’s partly because each cloud provider’s security offerings are at a different level of maturity. It’s also because there is little publicly available information on the efficacy of these controls. New research from MITRE Engenuity’s Center for Threat-Informed Defense is mitigating this complexity and increasing cloud cybersecurity effectiveness.

The Center worked with key research partners (including AttackIQ), security vendors, and service providers to map cyberattackers’ tactics, techniques, and procedures (TTPs) to the cloud-based security controls designed to thwart them. The first cloud platform for which the Center released this research is Microsoft Azure. AttackIQ is now building on this effort by developing scenarios for its Security Optimization Platform to help organizations determine the effectiveness of their Azure cloud cybersecurity controls.

In this whitepaper, we will discuss:
• The ever-increasing threat of attackers targeting cloud platforms and resources,
• How MITRE Engenuity’s Center for Threat-Informed Defense is approaching the process of mapping known attacker TTPs to each of the major public cloud providers (Microsoft Azure, AWS, and Google Cloud),
• The first mappings for Microsoft Azure,
• …and how security operations centers can leverage the results of this research.