Threat Navigator

Understand Your ATT&CK Technique Detection Gaps. Eliminate Them.

1
An Intuitive Tool That Empowers You to Fully Utilize the MITRE ATT&CK Framework

Threat Navigator maps to the attacker tactics and techniques of the MITRE ATT&CK framework. It offers instant visualization of your coverage against any technique, at any given moment in time.

The threat coverage score updates constantly, based on the overlap of three fluid sources:
- Security visibility data collected by the CFC
  from your business environment
- Cyber Fusion Center threat detection and
  correlation rules
- Threat actors targeting your industry vertical
2

See it. Score it. Close it.

Request a Demo

What Threat Navigator Can Do for You

Dynamic Threat Detection Visibility, Tailored to Your Business

As your threat model changes and your business needs shift, Threat Navigator updates to ensure that you are always ahead of the curve.
Objective Information

Make informed decisions on minimizing security coverage gaps and improving your security posture – including technology investments – based on objective facts, instead of a hunch or vendor marketing.
Actionable Recommendations

Understand which technique coverage you should prioritize. Threat Navigator shows you the top technique coverage gaps, and actionable recommendations on how to close them.
Security Resiliency Guidance

Not every threat gap exists due to lack of technical investments – it could be due to misconfiguration, technology use, or implementation. The resilience module will draw conclusions from your incidents and help you take actions that support a proactive stance.

Methodology

Onboarding with Kudelski Security’s Managed Detection and Response service is thorough for a reason. The more information we have about your business, the better our joint threat model is, and the better we are able to protect you.

Define Cybersecurity Threat Model

Creating a comprehensive threat model – based on your attack surface, your business priorities, and threat actors likely to target your organization – is pivotal to understanding how your organization may be targeted. It is a crucial first step to highlighting critical security gaps in your visibility and coverage.
Defend Effectively: Automatically Close Prioritized ATT&CK Technique Coverage Gaps

Rather than take an “all-at-once” approach, the Threat Navigator tool highlights the attacker techniques that are of highest priority to your organization. By merging data sources from your environment with available detection rules and contextual information about your industry sector and geographic presence, Threat Navigator emphasizes the top 5 recommended techniques to your organization to begin closing ATT&CK coverage gaps. Next recommended attacker techniques are also documented.
Understand Data Requirements for Attack Technique Detection

Once you understand the attack techniques your organization faces, a data checklist helps to reduce the noise and define the critical data necessary. Continuous threat-informed defense is the goal – to strengthen your overall security posture.
Prioritize Attack Mitigations

With the groundwork laid out, Threat Navigator is a useful tool to help you prioritize your mitigation activities. Once you have a clear understanding of the type of attacks you face, you can begin to address how to best protect your critical assets.

Frequently Asked Questions

What is Threat Navigator? Is it available as a standalone tool?

Threat Navigator is an innovative tool designed by Kudelski Security and based on the widely recognized MITRE ATT&CK® Framework. Threat Navigator helps you identify where you have threat visibility gaps and guides you in understanding how to address them. It is available to all Kudelski Security Managed Detection & Response (MDR) clients at no extra charge.

The tool is not currently available as a standalone product.
How does Threat Navigator prioritize the techniques where I lack visibility?
Threat Navigator leverages data maintained by Kudelski Security’s Threat Detection and Research team.

The prioritization focuses on three areas:
- First, the threat actors – and the techniques they use – that are most likely to target your industry
- Second, the data that comes from your security visibility technologies
- Third, the Kudelski Security maintained detection rules
The aggregation of these data inputs enables us to understand where your security coverage gaps are and the top five gaps you need to address.
How does Threat Navigator help improve my security maturity?

With Threat Navigator, we leverage real data about your security visibility and up to the minute threat intelligence to provide guidance instead of guessing or estimating your coverage. This way, we can help your organization identify likely threats you may face, understand the ATT&CK techniques the threat actors may leverage, and understand if you currently have visibility into those techniques. Threat Navigator helps you identify where you have visibility gaps and guides you in understanding how to address them. We help you prioritize by providing insight into how many threat actors have been known to abuse the technique in the past – showing where to focus and improve next.
Will I have security visibility outside of my Kudelski Security MDR Services?

Threat Navigator is designed to enable you to understand where the Kudelski Security Cyber Fusion Center and your organization have visibility gaps and help you prioritize them appropriately. In order to ensure Threat Navigator is giving you the best guidance possible, you can update Threat Navigator with visibility you may have outside your Kudelski Security MDR Services. You can choose to mark data sources as “covered” if you’re monitoring the source yourself or if another provider has that visibility on your behalf. This enables Threat Navigator to give you the best possible guidance.
Does Threat Navigator support automated detection deployment?

The Kudelski Security Detection Engineering Team manages and maintains our detections “as code” – meaning we leverage the information from Threat Navigator to understand where our clients have visibility and prioritize our detection engineering activities appropriately. We’re even able to automatically deploy detections to your infrastructure (on supported technologies). This means our client’s global visibility is always considered when prioritizing new detection logic.

Featured Resources

ModernCISO Guide

ModernCISO Guide to Managed Detection & Response

The MDR market has become crowded, noisy, and competitive. As a security leader, how do you differentiate between MDR providers whose claims sound similar, but who actually deliver widely varying levels of service and detection capability?

Solution Overview

MDR Services Solution Overview

Our Managed Detection and Response (MDR) services address the multiple environments of a modern workplace: on-premise IT infrastructure, distributed endpoints, cloud, and OT/ICS environments. We focus on outcomes, not on managing security technologies. We deliver deep visibility and coverage to rapidly surface critical threats and provide your security team hands-on support to contain or remediate incidents.

Blog

MITRE ATT&CK & D3FEND: Step-by-Step Guide to Closing Security Visibility Gaps

We’ll explain what MITRE D3FEND is, how it complements the MITRE ATT&CK framework, and how you can use it to identify and close gaps in security visibility.

Factsheets

A Different Approach to MDR

Protecting your Changing Environments with High-Touch, Customized Threat Detection & Response Services.