The US cybersecurity company CISA on Wednesday introduced new sources for safety groups trying to include cyberattacks and evict hackers from their networks.
The brand new Eviction Methods Software features a web-based utility known as Playbook-NG (Cyber Eviction Methods Playbook Subsequent Era), and a database of post-compromise countermeasures, named COUN7ER.
“Collectively, Playbook-NG and COUN7ER can assemble a scientific eviction plan that leverages distinct countermeasures to include and evict a singular intrusion,” CISA notes.
The 2 open supply sources, maintained by CISA on the Eviction Methods Software’s GitHub web page, help with tailor-made adversary eviction methods and are anticipated to speed up incident response plan creation.
Playbook-NG is a stateless utility that enables defenders to match incident discoveries with countermeasures for hacker eviction, and which will also be used to generate life like plans for tabletop train (TTX) situations.
Defenders feed Playbook-NG’s interface with TTPs or descriptions of adversary actions and the appliance gives really helpful response actions, which may be exported. Playbook-NG doesn’t retain info on the defender and their enter, however exported information may be re-uploaded and modified.
“Playbook-NG additionally permits cyber defenders to begin with an incident template that CISA created and curated. These templates describe particular collections of TTPs in a marketing campaign or occasion {that a} cyber defender might use as is or shortly customise. Playbook-NG gives an agile set of steering that follows a ‘write as soon as, share many’ mannequin of defensive methods,” CISA explains.
COUN7ER is a curated assortment of post-compromise countermeasures and mitigations that Playbook-NG pulls entries from. These actions are cross-referenced with a number of frameworks — together with MITRE’s ATT&CK, D3FEND, and Frequent Weak spot Enumeration (CWE) — and aligned with greatest practices.Commercial. Scroll to proceed studying.
The database at the moment accommodates greater than 100 absolutely developed entries, every offering particulars on the supposed consequence, preparation, dangers, associated countermeasures, steering, and references.
“CISA often opinions the COUN7ER database and updates it primarily based on incident observations, risk intelligence, and different sources of data on risk actor ways. Countermeasures bear a rigorous evaluate course of to evolve to written model, voice, and accuracy,” CISA says.
This week CISA additionally launched new steering as a part of its Journey to Zero Belief sequence, overlaying the introduction and planning for microsegmentation in zero belief.
Microsegmentation in Zero Belief, Half One (PDF) defines core ideas, particulars the phased strategy to microsegmentation, and gives planning issues and examples of microsegmentation situations.
Associated: Senate Committee Advances Trump Nominee to Lead CISA
Associated: Organizations Warned of Exploited PaperCut Flaw
Associated: Video: ESG – CISO’s Information to an Rising Threat Cornerstone
Associated: NASA Wants Company-Huge Cybersecurity Threat Evaluation: GAO
