During the triage and analysis phase in which the Virtual Analyst L1 operates, it also assigns the categorization of the MITRE to each individual Incident.
The MITRE Corporation manages federally funded research and development centers supporting several U.S. government agencies. MITRE is also responsible for maintaining the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework, which is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK framework is a categorization of various tactics, techniques, and procedures (TTPs) that adversaries use. The categorization is based on the different stages of an attack, starting from initial access and going all the way through actions on objectives.
The ability of the Virtual Analyst L2 to perform analysis based on MITRE categorization enables the “MITRE Kill Chain Analysis”, i.e., a search for all the possible combinations of schemes that the attacker must pursue to obtain the compromise of the attacked system starting from the single houses L1.
Having analyzed through the AI instance of the Virtual Analyst L1, the whole 100% of the alerts allow the AI of RedCarbon Virtual Analyst L2 to search without a compromise indicator (IOC) pattern that would have gone unnoticed.
This ability is beneficial in all those cases where the customer owns or has inherited situations of different technological choices. An example is the central public administration in many states or regions or some corporations whose presence is the result of merger/acquisition operations or present in the territory without a previous univocal technological choice or coordination of purchases.
The AI of RedCarbon’s L2 Virtual Analyst enables a higher mitigation capacity in the presence of complex situations and explodes at end customers, different technological choices used before only for a fraction of their value.
The RedCarbon database classifies cases regardless of the detection source system, thus allowing you to identify attempts at a compromise that may have been detected even by detection systems from different vendors.
© 2022 RedCarbon SA. All rights reserved