Frank Duff on Mitre’s Assessment of 21 Cyber Platforms Against ‘APT29’ Threat Group

Frank Duff, principal cyber operations engineer at Mitre, spoke with Federal News Network in an interview published Friday about the nonprofit corporation’s evaluation of cybersecurity offerings from 21 vendors against cyber threat group APT29.

Mitre assessed the cyber platforms using its ATT&CK knowledge base to emulate the techniques used by APT29, which is believed to be related to the Russian government and involved in the Democratic National Committee compromise.

The vendors submitted endpoint detection and response systems or endpoint protection platforms for evaluation, and Duff said those technologies “would focus on detecting the threat once they’re in.”

Duff explained how those software offerings operate on an individual’s machine and discussed PowerShell logging and Mitre’s observations of those products. PowerShell is a default administrative tool on Windows operating systems and enables users to perform certain types of scripting.

“And it was very good to see that these products were for the majority had visibility in district lock logging, understanding what was in the contents of the script that PowerShell was executing, so that you could extract the behaviors from that and leverage it,” he said.

Duff also shared his insights on the 21 cyber platforms evaluated by Mitre. “These types of products are, from my standpoint, necessary to understand what the adversary is doing to minimize their time with once they get in, how long they’re on your network, the amount of damage that they’re doing all these products, I think what you can say about them is they’re going through this process, our evaluation is threatened formed,” he said. “And so they’re trying to improve themselves based on the real threat.”
