The Center for Threat-Informed Defense under MITRE plans to implement its Adversarial Tactics, Techniques, and Common Knowledge framework in Microsoft's Azure cloud platform and map all built-in security controls in Azure into the framework through a new joint project the two companies have recently unveiled, called Security Stack Mappings, The Register
reports. The partnership marks the first time ATT&CK has been actively linked to a cloud platform.
"The project aims to fill an information gap for organisations seeking proactive security awareness about the scope of coverage available natively in Azure," said Microsoft's Threat Intelligence Centre Senior Threat Intelligence Librarian Madeline Carmichael.
"This release represents our first in a collection of mappings of native product security controls to ATT&CK based on a common methodology, scoring rubric, data model, and tool set," according to Nicholas Amon, lead security engineer at MITRE, and and MSTIC Director of Research and Development Jon Baker.
Amon and Baker said work is already underway on future integrations between the MITRE framework with other cloud platforms, and specifically named Amazon Web Services.