Threat Navigator: Visualize, Prioritize, Fortify
Threat Navigator enables you to visualize your ATT&CK detection gaps, prioritize their elimination, and systematically strengthen your resilience to the threats that are targeting your organization.
Proactive threat detection depends on being able to work out which threats are relevant to you, to what extent you are covered, and what action you should take to close the gaps. The Threat Navigator tool is founded on the MITRE ATT&CK framework and custom-based threat modeling. It is fully integrated into the Kudelski Security client portal.
An Intuitive Tool That Empowers You to Utilize the MITRE ATT&CK Framework
The threat coverage score updates constantly, based on the overlap of three fluid sources:
See it. Score it. Close it.
-
1
An Intuitive Tool That Empowers You to Fully Utilize the MITRE ATT&CK Framework
Threat Navigator maps to the attacker tactics and techniques of the MITRE ATT&CK framework. It offers instant visualization of your coverage against any technique, at any given moment in time.
The threat coverage score updates constantly, based on the overlap of three fluid sources:
- Security visibility data collected by the CFC
from your business environment - Cyber Fusion Center threat detection and
correlation rules - Threat actors targeting your industry vertical
- Security visibility data collected by the CFC
-
2
See it. Score it. Close it.
What Threat Navigator Can Do for You
-
Dynamic Threat Detection Visibility, Tailored to Your Business
As your threat model changes and your business needs shift, Threat Navigator updates to ensure that you are always ahead of the curve.
-
Objective Information
Make informed decisions on minimizing security coverage gaps and improving your security posture – including technology investments – based on objective facts, instead of a hunch or vendor marketing.
-
Actionable Recommendations
Understand which technique coverage you should prioritize. Threat Navigator shows you the top technique coverage gaps, and actionable recommendations on how to close them.
-
Security Resiliency Guidance
Not every threat gap exists due to lack of technical investments – it could be due to misconfiguration, technology use, or implementation. The resilience module will draw conclusions from your incidents and help you take actions that support a proactive stance.
Methodology
Onboarding with Kudelski Security’s Managed Detection and Response service is thorough for a reason. The more information we have about your business, the better our joint threat model is, and the better we are able to protect you.
-
Define Cybersecurity Threat Model
Creating a comprehensive threat model – based on your attack surface, your business priorities, and threat actors likely to target your organization – is pivotal to understanding how your organization may be targeted. It is a crucial first step to highlighting critical security gaps in your visibility and coverage.
-
Defend Effectively: Automatically Close Prioritized ATT&CK Technique Coverage Gaps
Rather than take an “all-at-once” approach, the Threat Navigator tool highlights the attacker techniques that are of highest priority to your organization. By merging data sources from your environment with available detection rules and contextual information about your industry sector and geographic presence, Threat Navigator emphasizes the top 5 recommended techniques to your organization to begin closing ATT&CK coverage gaps. Next recommended attacker techniques are also documented.
-
Understand Data Requirements for Attack Technique Detection
Once you understand the attack techniques your organization faces, a data checklist helps to reduce the noise and define the critical data necessary. Continuous threat-informed defense is the goal – to strengthen your overall security posture.
-
Prioritize Attack Mitigations
With the groundwork laid out, Threat Navigator is a useful tool to help you prioritize your mitigation activities. Once you have a clear understanding of the type of attacks you face, you can begin to address how to best protect your critical assets.
Frequently Asked Questions
-
What is Threat Navigator? Is it available as a standalone tool?
Threat Navigator is an innovative tool designed by Kudelski Security and based on the widely recognized MITRE ATT&CK® Framework. Threat Navigator helps you identify where you have threat visibility gaps and guides you in understanding how to address them. It is available to all Kudelski Security Managed Detection & Response (MDR) clients at no extra charge.
The tool is not currently available as a standalone product.
-
How does Threat Navigator prioritize the techniques where I lack visibility?
Threat Navigator leverages data maintained by Kudelski Security’s Threat Detection and Research team.
The prioritization focuses on three areas:
- First, the threat actors – and the techniques they use – that are most likely to target your industry
- Second, the data that comes from your security visibility technologies
- Third, the Kudelski Security maintained detection rules
The aggregation of these data inputs enables us to understand where your security coverage gaps are and the top five gaps you need to address.
-
How does Threat Navigator help improve my security maturity?
With Threat Navigator, we leverage real data about your security visibility and up to the minute threat intelligence to provide guidance instead of guessing or estimating your coverage. This way, we can help your organization identify likely threats you may face, understand the ATT&CK techniques the threat actors may leverage, and understand if you currently have visibility into those techniques. Threat Navigator helps you identify where you have visibility gaps and guides you in understanding how to address them. We help you prioritize by providing insight into how many threat actors have been known to abuse the technique in the past – showing where to focus and improve next.
-
Will I have security visibility outside of my Kudelski Security MDR Services?
Threat Navigator is designed to enable you to understand where the Kudelski Security Cyber Fusion Center and your organization have visibility gaps and help you prioritize them appropriately. In order to ensure Threat Navigator is giving you the best guidance possible, you can update Threat Navigator with visibility you may have outside your Kudelski Security MDR Services. You can choose to mark data sources as “covered” if you’re monitoring the source yourself or if another provider has that visibility on your behalf. This enables Threat Navigator to give you the best possible guidance.
-
Does Threat Navigator support automated detection deployment?
The Kudelski Security Detection Engineering Team manages and maintains our detections “as code” – meaning we leverage the information from Threat Navigator to understand where our clients have visibility and prioritize our detection engineering activities appropriately. We’re even able to automatically deploy detections to your infrastructure (on supported technologies). This means our client’s global visibility is always considered when prioritizing new detection logic.
Featured Resources
Threat Navigator: Visualize, Prioritize, Fortify
Complete the form to talk with one of our security experts and learn how Threat Navigator can help your organization strengthen its resilience against targeted threats.