MITRE ATT&CK is built around the premise that the best way to find attacks is by their behaviors. It provides a guide on how to manually track hundreds of such behaviors to find attacks at various stages in the kill chain (the attack lifespan). It has been lauded across the industry, by every credible expert, as the best way to find attacks. However, finding such behaviors requires deep visibility into every piece of IT infrastructure and network surface used by an organization, as well as skilled analysts with the right tools to analyze the data from these sources.
ADR was built around these concepts and fully maps to the MITRE ATT&CK Framework. ARIA uses ML to allow ADR to sift through network flow data as well as log output from every type of device, from firewalls to network infrastructure to directories to OS and application audit logs, including those provided by popular Cloud services. It finds the threat behaviors on its own rather than requiring the human effort presupposed by the MITRE ATT&CK framework; ADR does the work fully automated. Further, its use of AI allows ADR to automatically correlate the behavior information into confirmed attack patterns and generate alerts stating the type of attack, its target and its source, as well as telling the customer what to do about it. Going beyond the framework, it allows these attacks to be stopped at the push of a button, right from the ADR UI, or automatically with no human involvement or delay.
Result: it can do in seconds what would take tens of SOC analysts days of effort, finding and stopping attacks in real time, typically before serious harm is done. Benefit: it reduces cyber risk by at least an order of magnitude compared with what the best SOC teams or MDR services can achieve today, at 1/10th the cost.