Frank Duff on Mitre’s Assessment of 21 Cyber Platforms Against ‘APT29’ Threat Group

Frank Duff, principal cyber operations engineer at Mitre, spoke with Federal News Network in an interview published Friday about the nonprofit corporation’s evaluation of cybersecurity offerings from 21 vendors against cyber threat group APT29.

Mitre assessed the cyber platforms using its ATT&CK knowledge base to emulate the techniques used by APT29, which is believed to be related to the Russian government and involved in the Democratic National Committee compromise.

The vendors submitted endpoint detection and response systems or endpoint protection platforms for evaluation, and Duff said those technologies “would focus on detecting the threat once they’re in.”

Duff explained how those software offerings operate on an individual’s machine and discussed PowerShell logging and Mitre’s observations of those products. PowerShell is a default administrative tool on Windows operating systems and enables users to perform certain types of scripting.

“And it was very good to see that these products were for the majority had visibility in district lock logging, understanding what was in the contents of the script that PowerShell was executing, so that you could extract the behaviors from that and leverage it,” he said.

Duff also shared his insights on the 21 cyber platforms evaluated by Mitre. “These types of products are, from my standpoint, necessary to understand what the adversary is doing to minimize their time with once they get in, how long they’re on your network, the amount of damage that they’re doing all these products, I think what you can say about them is they’re going through this process, our evaluation is threatened formed,” he said. “And so they’re trying to improve themselves based on the real threat.”
