What inspired this project
As security professionals build controls to keep our information secure, we should be able to take inventory and step back to see visually where we have enough coverage, using the MITRE ATT&CK framework as the reference. This is a way to get conversations started about a company's internal threat landscape.
How does it work
It starts with an internal process of adding tags and using an internal copy of the MITRE framework so confidential information is not exposed. It builds upon an attack flow GUI tool to help us visualize our current threat landscape.
How was it built
I used a free version of JIRA and Confluence to build a copy of the MITRE framework for the internal mapping. The GUI helps visualize and see the total possible cost if the attack happened against the organization.
Accomplishments that we're proud of
Very proud of having taken the weekend to really dive into the MITRE ATT&CK matrix!
Challenges we ran into
One of the challenges was deciding whether to view this tool as a vendor tool or to keep it internally built. I also needed to think about how an existing framework could adapt to different companies whose internal processes and needs are different.
What's next for ShellHacks & Security
I'll be looking into modifying the existing open source code to change fields in the GUI attack map. I do think there is capability to build internal visualizations that will be less expensive and keep proprietary company information secure from vendor breaches.