McAfee, a device-to-cloud cyber security company, today announced the introduction of MITRE ATT&CK into McAfee MVISION Cloud.

MVISION Cloud is the company’s Cloud Access Security Broker (CASB), which aims to hunt, detect, and stop cyberattacks on cloud services.

According to McAfee, this new integration gives SecOps teams a direct source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK. McAfee is the first CASB provider to tag and visualise cloud security events within an ATT&CK.

Commenting on the integration, Rajiv Gupta, senior vice-president and general manager of Cloud Security, McAfee, said in the official announcement: “Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm.”

Gupta added: “By translating cloud threats and vulnerabilities into the common language of ATT&CK, MVISION Cloud allows security teams to extend their processes and run books to the cloud, understand and pre-emptively respond to cloud vulnerabilities, and improve enterprise security.”

‘20 attack attempts a month’

According to data from McAfee’s research, most enterprises face an average of 20 attack attempts per month on their cloud services.

The ATT&CK integration brings cloud attacks into focus and provides the opportunity to identify gaps in protection and make policy and configuration changes directly from McAfee MVISION Cloud, the cybersecurity company mentioned.

McAfee stated that with the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalise a separate framework for cloud threats and vulnerabilities.

This also has the ability to combine incidents, anomalies, threats, and vulnerabilities into one holistic, familiar view.