{"id":41536,"date":"2021-06-29T18:00:11","date_gmt":"2021-06-29T18:00:11","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/\/?p=93822"},"modified":"2021-06-29T18:00:11","modified_gmt":"2021-06-29T18:00:11","slug":"mitre-attck-mappings-released-for-built-in-azure-security-controls","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/mitre-attck-mappings-released-for-built-in-azure-security-controls\/","title":{"rendered":"MITRE ATT&CK\u00ae mappings released for built-in Azure security controls"},"content":{"rendered":"

The Security Stack Mappings for Azure research project<\/a> was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK\u00ae techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense<\/a> and other Center members to publish the mappings, which pair the familiar language of the ATT&CK framework with the concrete coverage Azure provides to protect organizations\u2019 attack surfaces. Microsoft is pleased that community interest in seeing such mappings for Azure led to its use as the pilot cloud platform for this endeavor.<\/p>\n

<\/p>\n

The project aims to fill an information gap for organizations seeking proactive security awareness about the scope of coverage available natively in Azure. The project does this by creating independent data showing how built-in security controls for a given technology platform, in this case Azure, secure their assets against the adversary tactics, techniques, and procedures (TTPs) most likely to target them.<\/p>\n

Microsoft has worked to expand the suite of built-in security controls in Azure which, while highly effective for protecting customer environments, can feel overwhelming to understand across an organization\u2019s entire Azure estate. MITRE has developed the ATT&CK framework into a highly respected, community-supported tool for clarifying adversary TTPs. Pairing the two together provides a helpful view for organizations to understand their readiness against today\u2019s threats in a familiar vocabulary that enables easy communication to their stakeholders.<\/p>\n

Aside from the mapping files, key project deliverables include a methodology that describes how the project team assessed the mappings and a scoring rubric to explain how the mapping scores were decided. Accompanying the methodology and scoring rubric are a YAML data format that houses each mapping and a mapping tool that validates and produces corresponding ATT&CK Navigator layer files for easy visualization. The ATT&CK Navigator view is particularly useful for assessing multiple security controls concurrently to identify similarities or differences in coverage capabilities.<\/p>\n

Azure\u2019s built-in security controls map to broad ATT&CK technique coverage<\/h2>\n

The Security Stack Mappings research project was undertaken in response to the lack of data available to explain how a technology platform\u2019s built-in security controls mitigate against adversary TTPs as described by ATT&CK techniques. Azure was chosen for the inaugural iteration of this research, with plans for the Center to repeat the process for other technology platforms in the future.<\/p>\n

The methodology distinguishes between security controls that function independently and features that can be enabled as part of another product or service, choosing only the former as candidates for mappings.<\/p>\n

The scoring rubric is comprised of three main factors:<\/p>\n