Frank Duff on Mitre’s Assessment of 21 Cyber Platforms Against ‘APT29’ Threat Group

Frank Duff, principal cyber operations engineer at Mitre, told Federal News Network in an interview published Friday about the nonprofit corporation's evaluation of cybersecurity offerings from 21 vendors against cyber threat group APT29.

Mitre assessed the cyber platforms using its ATT&CK knowledge base to emulate the techniques used by APT29, which is believed to be related to the Russian government and involved in the Democratic National Committee compromise.

The vendors submitted endpoint detection and response (EDR) systems or endpoint protection platforms for evaluation, and Duff said those technologies “would focus on detecting the threat once they're in.”

Duff explained how those software offerings operate on an individual's machine and discussed PowerShell logging and Mitre's observations of it in those products. PowerShell is an administrative scripting tool installed by default on Windows, and the contents of the scripts it runs can be recorded through script block logging.

“And it was very good to see that these products, for the majority, had visibility into script block logging, understanding what was in the contents of the script that PowerShell was executing, so that you could extract the behaviors from that and leverage it,” he said.
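The visibility Duff describes depends on script block logging being turned on and on a product reading what it records. The following is an added example, not code from the article, from Mitre or from any evaluated vendor: it enables the policy, launches a base64-encoded command of the kind an adversary might use to hide its intent, and then reads the decoded script text back out of the Windows event log. The indicator list is a constructed illustration, not a rule set from the evaluation.

```powershell
# Added example (not from the article or from MITRE). Run from an elevated prompt.
# Script block logging writes event ID 4104 to the Microsoft-Windows-PowerShell/Operational
# log; the event carries the script text as PowerShell actually executed it.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
Set-ItemProperty -Path $policyKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Launch a command the way an attacker often does: base64 (UTF-16LE) via -EncodedCommand.
# The process command line only shows the blob; the 4104 event shows the decoded body.
$inner   = "Invoke-Expression 'Get-Date'"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))
powershell.exe -NoProfile -EncodedCommand $encoded | Out-Null

# Constructed indicator list for illustration only; a real detection would be far richer.
$indicators = 'Invoke-Expression', 'DownloadString', 'FromBase64String', 'Invoke-Mimikatz'

# Pull recent 4104 events and surface script blocks that match any indicator.
# Properties[2] is ScriptBlockText and Properties[3] is ScriptBlockId in a 4104 event.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 200 |
    ForEach-Object {
        $text = [string]$_.Properties[2].Value
        $hits = $indicators | Where-Object { $text -match [regex]::Escape($_) }
        if ($hits) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                ScriptId   = $_.Properties[3].Value
                Indicators = ($hits -join ', ')
                Snippet    = $text.Substring(0, [Math]::Min(120, $text.Length))
            }
        }
    } | Format-Table -AutoSize
```

The match on `Invoke-Expression` fires on the decoded inner command even though it never appeared in clear text on the command line, which is the point Duff makes: with script block logging in view, a product can reason about what the script did rather than only about the launcher that started it.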

Duff also shared his insights on the 21 cyber platforms evaluated by Mitre. “These types of products are, from my standpoint, necessary to understand what the adversary is doing, to minimize their time once they get in, how long they're on your network, the amount of damage that they're doing. All these products, I think what you can say about them is they're going through this process; our evaluation is threat-informed,” he said. “And so they're trying to improve themselves based on the real threat.”
