Using DPM and MITRE ATT&CK to Improve SOC Effectiveness
CardinalOps CEO on How Detection Posture Management Finds, Remediates Security Gaps
SOCs are facing increased challenges due to the ever-growing complexity of infrastructure and technology, which expands the attack surface. CardinalOps CEO Michael Mumcuoglu said the MITRE ATT&CK Framework has "upped the game" by allowing SOC operators to "talk the same language" about attacker techniques, and now CardinalOps is using detection posture management in concert with the framework to identify and remediate coverage gaps in common SIEM platforms such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle SIEM.
Detection posture management, Mumcuoglu said, offers a proactive, systematic approach to continuously measuring MITRE ATT&CK coverage, developing new detections that remediate gaps according to business priorities, and building a threat-informed defense. It relies on automation and analytics, which he said are required to deliver improved effectiveness.
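To make the coverage-measurement idea concrete, here is an added example (not CardinalOps code or any SIEM's API) that checks a constructed inventory of SIEM detection rules against a constructed list of priority ATT&CK techniques and reports which techniques are covered, which are only nominally covered by a disabled or broken rule, and which are missing outright. The technique IDs are real ATT&CK identifiers; the rule names, health flags and priority list are invented sample data.

```python
"""Minimal detection-posture coverage check (added example, not vendor code)."""
from collections import defaultdict

# Constructed sample inventory of SIEM detection rules. Each rule lists the
# ATT&CK technique IDs it is meant to detect, plus whether it is enabled and
# whether it is healthy (e.g. its log source is still being ingested).
RULES = [
    {"name": "PowerShell encoded command", "techniques": ["T1059.001"],
     "enabled": True, "broken": False},
    {"name": "LSASS memory access", "techniques": ["T1003.001"],
     "enabled": True, "broken": True},          # log source missing: no real coverage
    {"name": "New scheduled task", "techniques": ["T1053.005"],
     "enabled": False, "broken": False},        # rule exists but is switched off
    {"name": "Suspicious Office child process",
     "techniques": ["T1566.001", "T1204.002"], "enabled": True, "broken": False},
]

# Constructed priority list: techniques the organisation ranks highest
# (in practice derived from threat intelligence and business priorities).
PRIORITY_TECHNIQUES = ["T1059.001", "T1003.001", "T1053.005", "T1566.001", "T1021.001"]


def is_effective(rule):
    """A rule only provides coverage if it is both enabled and healthy."""
    return rule["enabled"] and not rule["broken"]


def technique_index(rules, effective):
    """Map technique ID -> rule names, for effective or non-effective rules."""
    index = defaultdict(list)
    for rule in rules:
        if is_effective(rule) == effective:
            for tech in rule["techniques"]:
                index[tech].append(rule["name"])
    return dict(index)


def coverage_report(rules, priorities):
    """Classify each priority technique as covered, degraded or missing."""
    effective = technique_index(rules, effective=True)
    nominal = technique_index(rules, effective=False)
    report = {}
    for tech in priorities:
        if tech in effective:
            report[tech] = "covered"
        elif tech in nominal:
            report[tech] = "degraded"  # a rule exists but is disabled or broken
        else:
            report[tech] = "missing"   # no rule at all: a gap to engineer next
    return report


def coverage_ratio(report):
    """Fraction of priority techniques with effective coverage."""
    return sum(1 for status in report.values() if status == "covered") / len(report)
```

Distinguishing "degraded" from "missing" matters in practice: the first is usually fixed by repairing a log source or re-enabling a rule, while the second needs new detection engineering.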
In this video interview with Information Security Media Group at RSA Conference 2023, Mumcuoglu also discusses:
- Showing the board how risk is being reduced over time by maximizing the effectiveness of existing security investments;
- Using automation to "empower" staff by taking away redundant manual labor;
- How CardinalOps is pioneering the use of detection posture management.
Mumcuoglu and the CardinalOps team have built a detection engineering platform to help organizations maximize threat coverage by better leveraging existing security tools. He previously co-founded and was CTO of LightCyber, which was acquired by Palo Alto Networks in 2017.