The US cybersecurity company CISA on Wednesday introduced new assets for safety groups seeking to comprise cyberattacks and evict hackers from their networks.
The brand new Eviction Methods Instrument features a web-based software referred to as Playbook-NG (Cyber Eviction Methods Playbook Subsequent Era), and a database of post-compromise countermeasures, named COUN7ER.
“Collectively, Playbook-NG and COUN7ER can assemble a scientific eviction plan that leverages distinct countermeasures to comprise and evict a novel intrusion,” CISA notes.
The 2 open supply assets, maintained by CISA on the Eviction Methods Instrument’s GitHub web page, help with tailor-made adversary eviction methods and are anticipated to speed up incident response plan creation.
Playbook-NG is a stateless software that permits defenders to match incident discoveries with countermeasures for hacker eviction, and which can be used to generate life like plans for tabletop train (TTX) eventualities.
Defenders feed Playbook-NG’s interface with TTPs or descriptions of adversary actions and the applying supplies beneficial response actions, which may be exported. Playbook-NG doesn’t retain info on the defender and their enter, however exported information may be re-uploaded and modified.
“Playbook-NG additionally permits cyber defenders to start out with an incident template that CISA created and curated. These templates describe particular collections of TTPs in a marketing campaign or occasion {that a} cyber defender could use as is or shortly customise. Playbook-NG supplies an agile set of steering that follows a ‘write as soon as, share many’ mannequin of defensive methods,” CISA explains.
COUN7ER is a curated assortment of post-compromise countermeasures and mitigations that Playbook-NG pulls entries from. These actions are cross-referenced with a number of frameworks — together with MITRE’s ATT&CK, D3FEND, and Frequent Weak point Enumeration (CWE) — and aligned with greatest practices.
The database at the moment accommodates greater than 100 totally developed entries, every offering particulars on the supposed consequence, preparation, dangers, associated countermeasures, steering, and references.
“CISA commonly opinions the COUN7ER database and updates it based mostly on incident observations, risk intelligence, and different sources of knowledge on risk actor ways. Countermeasures bear a rigorous assessment course of to adapt to written fashion, voice, and accuracy,” CISA says.
This week CISA additionally launched new steering as a part of its Journey to Zero Belief sequence, overlaying the introduction and planning for microsegmentation in zero belief.
Microsegmentation in Zero Belief, Half One (PDF) defines core ideas, particulars the phased method to microsegmentation, and supplies planning concerns and examples of microsegmentation eventualities.
Associated: Senate Committee Advances Trump Nominee to Lead CISA
Associated: Organizations Warned of Exploited PaperCut Flaw
Associated: Video: ESG – CISO’s Information to an Rising Danger Cornerstone
Associated: NASA Wants Company-Huge Cybersecurity Danger Evaluation: GAO
