Dec 4, 2018

Mock Chinese attacks test security tools

Terracotta soldiers guard the mausoleum of Emperor Qin Shi Huang. Photo: Pete Saloutos/Getty Images

When it comes to cybersecurity research, the not-for-profit lab MITRE has traditionally maintained neutrality toward commercial products. But last week, it released its first security product evaluations. Here's why and how MITRE made the leap into what might at first sound like Yelp territory (but really isn't).

Why it matters: MITRE is best known for its role in assisting the government in public/private partnerships. In cybersecurity, until now, a lot of its high-profile work was more as an archivist than an active defender.

  • That's not meant as a dig. One of their key projects, the ATT&CK framework, is an important database of prominent hacking groups' techniques across a broad spectrum of categories.

What MITRE released last week were the results of simulated attacks modeled on the espionage group, believed to be Chinese, known as Gothic Panda or APT3, built from the information collected for the ATT&CK framework. MITRE plans this release of product evaluations to be the first of many, with later tests gauging products against other attackers.

Yes, but: "We're not Consumer Reports," said Frank Duff, lead engineer for the evaluations program.

  • MITRE isn't providing head-to-head comparisons of products or ranked lists. There are no best buys.
  • The primary goal, at least to MITRE, is to encourage product improvement.
  • But MITRE also expects potential buyers will use the results and vendors will view the process as, in part, a marketing exercise.
  • "It can serve all of those purposes," said Duff.

Techniques, not malware: Before the MITRE tests were announced, there were already a lot of places for antivirus companies to test whether they could detect malicious programs that hackers installed on a system. But as CrowdStrike's Scott Taschler, director of product marketing, noted, "When it comes to advanced, targeted attacks, malware is only a part of the problem." A hacker might not use any malware, and security products still need to be tested on how they respond to those attacks.

Vendors paid for their tests, with the first cohort including Carbon Black, CounterTack, CrowdStrike, Endgame, Microsoft, RSA and SentinelOne.

  • No product weeds out the simulated attacker at every technique and tactic — and that's largely by design. Products focus on specific subsections of security, and most companies being targeted by spies have more than one product running at a time.
  • But the testing does show specifically where products could adapt to discover an attacker at different points. And that's important: As hackers upgrade their tools or learn new techniques, they can evade some previously effective defenses.

The bottom line: Scott Lundgren, chief technology officer at Carbon Black, said, "If the community rises up and documents and positions their security posture with ATT&CK in mind, we are all raising the bar and making it more expensive for adversaries to operate."
