For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PSFletchTheTek's avatar
PSFletchTheTek
Icon for Cumulonimbus rankCumulonimbus
Dec 19, 2022

F5 and AWAF Mitre Att&ck mapping

Hi All, I've started my Christmas down time musing a couple of things I want to hit in the new year. One of these being looking at AWAF in more detail and looking at the mitre att&ck framework in m...
application delivery
security
F5_Design_Engineer's avatar
F5_Design_Engineer
Icon for MVP rankMVP
Dec 19, 2022

Hi PSFletchTheTek ,

MITRE introduced ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) in 2013 as a way to describe and categorize adversarial behaviors to close gaps in visibility based on real-world observations. ATT&CK is a structured list of known attacker behaviors that have been compiled into tactics and techniques and expressed in a handful of matrices as well as via STIX/TAXII. Since this list is a fairly comprehensive representation of behaviors attackers employ when compromising networks, it is useful for a variety of offensive and defensive measurements, representations, and other mechanisms.

With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity.

MITRE is a framework , you can use it to customize your network threat modelling.

 

Based on the threat modelling you will identify the different domains base don your network which could be different for different customers as they may have different set of netowrk devices, hence one threat model applies to one client may not necessary be identical to the other client network threat model.

 

Once you know the type of Network resources that can be under threat using MITRE frameowrk, you can pick and elimate the unused environment attack signature based on your network threat model report.

You can watch the following F5 demo at youtube

BIG-IP AWAF Demo 22 - Use and Enforce Attack Signatures with F5 BIG-IP Adv WAF (formerly ASM)

 https://www.youtube.com/watch?v=BZcxJIX2sUs

This will answer a lot of your queries.

You may find many resemblances between MITRE and OWASP top 10 and CWE/SANS.

 

ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. It’s free for use by any organization and has gained a lot of traction over the last few years. Due to this popularity, a growing number of industry research reports present findings based on ATT&CK.

here you can get more depth nowledge about this framework as it is a very vast hence you can start it from here:

Its open source and can be used for free by any organization to develo its own threat model and subsequenty the mitigation techniquet and which attack signatures to be included in your security policy.

https://attack.mitre.org/matrices/enterprise/

https://www.f5.com/labs/learning-center/mitre-attack-what-it-is-how-it-works-who-uses-it-and-why

https://www.f5.com/labs/articles/threat-intelligence/2022-application-protection-report-in-expectation-of-exfiltration

https://www.f5.com/services/resources/reports/office-of-the-cto-zero-trust-and-the-mitre-frameworks

https://www.f5.com/labs/articles/threat-intelligence/2021-application-protection-report-supplement-sectors-and-vectors

https://www.f5.com/content/dam/f5-labs-v2/article/pdfs/The-State-of-the-State-of-Application-Exploits-in-Security-Incident-F5Labs-rev22JUL21.pdf

https://www.f5.com/content/dam/f5/corp/global/pdf/report/office-of-the-cto-zero-trust-and-the-mitre-framework.pdf

https://www.f5.com/labs/articles/cisotociso/5-cybersecurity-predictions-for-2023

https://www.f5.com/labs/learning-center/mitre-attack-what-it-is-how-it-works-who-uses-it-and-why#:~:text=MITRE%20ATT%26CK%20is%20a%20highly,malicious)%20to%20aid%20in%20their

HTH