Next DLP (“Next”), a leader in data loss prevention and insider threat solutions, says its Reveal Platform is the first Insider Risk Management solution to automatically map detection events to MITRE Engenuity Center for Threat-Informed Defense’s (“Center”) expanded Insider Threat Knowledge Base (ITKB 2.0).
The ITKB 2.0 is the first of its kind to offer an evidence-based, multi-organizational, and publicly-available compendium of insider threat tactics, techniques, and procedures (TTPs). This endeavour was developed in partnership between MITRE, Next DLP, CrowdStrike, HCA Healthcare, JPMorgan Chase Bank, N.A., Lloyds Banking Group, Microsoft Corporation and Verizon Business.
Digital transformation and hybrid workforces have significantly increased the complexity and volume of insider threats organizations face. Legacy solutions often require extensive manual effort to correlate detection events with specific threat behaviours, resulting in delayed responses, potential security breaches, and data leaks.
Reveal addresses this challenge head-on by automatically including MITRE’s Techniques, Tactics, and Procedures (TTPs) in its detections, incidents, and analyst case reports.
“The expansion and refinement of our data repository was made possible by new cases and insights from our dedicated data contributors,” said Suneel Sundar, Director R&D, of the Center. “We’re delighted that Next is leveraging our knowledge of adversary behaviours and capabilities to provide defenders with a better opportunity to detect malicious insiders.”
By incorporating MITRE’s TTPs Reveal delivers a comprehensive narrative of the entire incident lifecycle, from initial reconnaissance and data collection to defence evasion and exfiltration.
For the chronically overstretched Security team—a persistent problem given the ongoing security talent shortage—this rich information view maximizes the efficiency of analyst resources, empowering security teams of all sizes to perform at heightened levels.
“With Reveal, and in partnership with MITRE CTID, we are setting a new standard for data protection and insider threat mitigation,” said John Stringer, Head of Product at Next DLP. “By automating the mapping of detections to MITRE’s Insider Threat TTPs, we enhance our clients’ security posture by demonstrating MITRE ATT@CK coverage and significantly reducing the time and resources required to identify, respond to and report on high-impact insider threat activity.”
Author
