Salus Cyber

Frameworks

MITRE ATT&CK

Salus Cyber reports take advantage of the Mitre ATT&CK framework to provide you further insights.

Characterise weaknesses in your assets in terms of how adversaries may utilise them in a real incident.

The MITRE ATT&CK framework is a comprehensive knowledge base and framework that catalogues and describes adversary tactics, techniques, and procedures (TTPs) observed in real-world cyber attacks. It is widely used in the cybersecurity industry to enhance threat intelligence, incident response, and proactive defence strategies.

The MITRE ATT&CK framework serves several purposes. It provides a standardised language for discussing and sharing information about cyber threats, enabling organisations to better understand and respond to adversary behaviour. It helps security teams align their defences and detection capabilities with known adversary TTPs, allowing them to identify gaps, improve security controls, and prioritise defensive measures. Furthermore, the framework facilitates the development and evaluation of security tools, technologies, and methodologies by providing a common reference for testing and validation.

Salus Cyber utilises this information to enrich the vulnerabilities identified in our engagements, making our deliverables useful to more of your internal teams and allowing you to benchmark your environments against the threat agents relevant to your organisation and industry.

First Line Dark

STANDARDISED LANGUAGE AND CONTEXT

The MITRE ATT&CK framework provides a standardised language and contextual framework for describing security vulnerabilities. This allows security professionals to communicate and report vulnerabilities in a consistent and clear manner.

ENHANCED VISIBILITY AND PRIORITISATION

The MITRE ATT&CK framework helps security teams gain better visibility into the potential impact of a vulnerability. By mapping the vulnerability to specific tactics and techniques, it becomes easier to assess the level of risk associated with the vulnerability and prioritise remediation efforts accordingly.

COMPLEXITY AND GRANULARITY

The MITRE ATT&CK framework is detailed and extensive, encompassing numerous tactics, techniques, and sub-techniques. Salus Cyber solves this by optionally including post-exercise washup meetings, where the complexities of the relevant areas of the framework can be explained in greater detail.

LIMITED COVERAGE OR GAPS

The MITRE ATT&CK framework is continuously evolving and being updated with new adversary tactics and techniques. However, there may still be instances where a vulnerability does not have a direct match within the framework, especially if it involves emerging or unique attack vectors. Using a combination of the MITRE ATT&CK framework, NCSC CAF, and our own categorisation methodology, Salus Cyber consultants can relate the vulnerabilities in your network in objective, understandable terms that are useful for your organisation.

More Frameworks 

Cyber Essentials Basic

Cyber Essentials Plus

ISO 27001

NCSC Cyber Assessment Framework

NIST 800-53

How we work

Customer Journey

  1. Identify

    First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.

  2. Understand

    We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.

  3. Test

    We deliver what we promised.
    Simple.

  4. Inform

    Every report we create is unique based on your business, we don’t use cookie cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.

  5. Remediate

    We can ensure that the remediation process is tracked and coordinated within your business, we will allocate resources to point you in the right directions or if you need our help directly with remediation, we’ve got you covered.

  6. Feedback

    Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.

Request a call back