A global cyber-skills training provider has become the first company to integrate its platform with the MITRE ATT&CK framework.
Immersive Labs has mapped its training to the globally recognized knowledge base, which organizes and categorizes various types of tactics, techniques, and procedures used by digital-threat actors to help organizations spot flaws in their cyber-defenses.
According to Immersive Labs CEO James Hadley, this new approach of mapping skills against a framework of threats was driven by market need.
He said: "We are being asked for this by CISOs, so we looked at a variety of different frameworks, and MITRE was the one that we discovered had the most depth and credibility in the industry, and therefore it has had our initial focus.
"MITRE’s advantage is that it highlights specific types of threat-actor tactics, enabling organizations to better organize threat intelligence as well as testing their capabilities against real-world attacks.
"As far as we know, no other company has mapped skills to MITRE in this way. It is a mindset switch for companies to start thinking of people as a part of their defensive perimeter in the same way that they think of technology."
MITRE, a systems engineering company set up in 1958 to work on issues of national defense, set up the not-for-profit ATT&CK framework in 2013. The framework provides a valuable record of cyber-attacks. However, since it is updated only quarterly via publicly available threat intelligence and incident reporting by security experts, it may not always provide an accurate picture of the current threat landscape.
To mitigate against any time lag between the ATT&CK framework and the status quo, Immersive Labs' platform uses real-time feeds of the latest attack techniques, hacker psychology, and technological vulnerabilities to rapidly build gamified learning environments for IT and security teams. Platform users can then have a crack at tackling the newest wave of threats and identify any gaps in their cybersecurity knowledge.
For Hadley, a strong, forward-looking cybersecurity strategy relies on company-wide training.
He said: "Cybersecurity is no longer something handled by a select few while the majority remain ignorant; it is everyone’s problem, and because of this, cyber-skills initiatives need to engage and inspire every part of an organization."