BLOG

ATT&CK and Vulnerability Management Part 5: Disrupting Attack Sequences through Vulnerability Management

In our last post, we showed how CYR3CON mapped relationships among ATT&CK techniques using tools...

Docker/Kubernetes Part 6:  Common Weakness Enumeration (CWE)

For our sixth and final post in this series about Docker and Kubernetes, we take a look at how...

ATT&CK and Vulnerability Management Part 4: Using Intelligence to Generate Attack Sequences

In the past few articles, we discussed how mapping ATT&CK techniques to CVE’s can help...

ATT&CK and Vulnerability Management Part 3: Considerations in Aligning CVEs and ATT&CK Techniques

In our last article, we discussed why one would want to align CVEs with ATT&CK techniques.  In...

Docker/Kubernetes Part 5:  Docker in Detail

Our fifth post in this series, covering details of Docker, is the complement to part four.  Once...

ATT&CK and Vulnerability Management Part 2: Why align ATT&CK with CVEs?

Colonial Pipeline Breach Part 2: Three Important Observations

The Colonial Pipeline breach brought the physical-world effects of a cyber-attack – such as...

Colonial Pipeline Breach: Vulnerabilities Used by DarkSide

This is the first in a 2-part series on the Colonial Pipeline breach.  In today’s blog and...

Docker/Kubernetes Part 4:  Kubernetes in Detail

For our fourth post in this series, we delve into some of the details of Kubernetes (K8s) ...

ATT&CK and Vulnerability Management Part I: Introducing ATT&CK

Today we start a multi-part blog series on the MITRE ATT&CK framework and how it relates to...