Next DLP, a pioneer in data loss prevention and insider threat solutions, announced that its Reveal Platform is the first Insider Risk Management solution to automatically map detection events to MITRE Engenuity Centre for Threat-Informed Defense’s (Centre) expanded Insider Threat Knowledge Base (ITKB 2.0). The ITKB 2.0 is the first of its kind to offer an evidence-based, multi-organisational, and publicly available compendium of insider threat tactics, techniques, and procedures (TTPs).

This endeavour was developed in partnership between MITRE, Next DLP, CrowdStrike, HCA Healthcare, JPMorgan Chase Bank, N.A., Lloyds Banking Group, Microsoft Corporation, and Verizon Business. 

MITRE’s TTPs

Digital transformation and hybrid workforces have significantly increased the complexity and volume of insider threats organisations face. Legacy solutions often require extensive manual effort to correlate detection events with specific threat behaviours, resulting in delayed responses, potential security breaches, and data leaks.

Reveal addresses this challenge head-on by automatically including MITRE’s Tactics, Techniques, and Procedures (TTPs) in its detections, incidents, and analyst case reports.

Detecting malicious insiders

“The expansion and refinement of our data repository was made possible by new cases and insights from our dedicated data contributors,” said Suneel Sundar, Director of R&D of the Centre.

“We’re delighted that Next is leveraging our knowledge of adversary behaviours and capabilities to provide defenders with a better opportunity to detect malicious insiders.”

Maximising efficiency

By incorporating MITRE’s TTPs, Reveal delivers a comprehensive narrative of the entire incident lifecycle, from initial reconnaissance and data collection to defense evasion and exfiltration.

For the chronically overstretched security team, a persistent problem given the ongoing security talent shortage, this rich information view maximises the efficiency of analyst resources, empowering security teams of all sizes to perform at heightened levels.

Data protection standard

“With Reveal, and in partnership with MITRE CTID, we are setting a new standard for data protection and insider threat mitigation,” said John Stringer, Head of Product at Next DLP.

“By automating the mapping of detections to MITRE’s Insider Threat TTPs, we enhance our clients' security posture by demonstrating MITRE ATT&CK coverage and significantly reducing the time and resources required to identify, respond to and report on high-impact insider threat activity.”
