An Overview of MITRE Cyber Situational Awareness SolutionsSeptember 2015
Topics: Cybersecurity, Computer Security, Information Security Risk Management, Information Security Technologies, Collaborative Decision Making
The 18 May 2015 NATO Communications and Information Agency (NCIA) Request for Information (RFI) (CO-14068-MNCD2) seeks a multi-nation cyber defense situational awareness (CDSA) capability. While MITRE is not a commercial tool vendor, our research has led to the development of a range of technical solutions that would benefit any CDSA toolkit. This document describes the MITRE technical solutions that can be leveraged to enable or support an overall NATO CDSA solution.
In some cases, the technical solutions are standardization efforts that enable information sharing for key aspects of CDSA. In other cases, the solutions are prototype tools that could be transitioned to government entities or to commercial vendors. The specific NCIA RFI CDSA use cases are used to orient the MITRE capabilities with the overarching CDSA requirements.
It is important to note that most of MITRE's efforts have focused on solutions described in the primary RFI scenario "Oranjeland APT." For the more technical scenarios and use cases, MITRE has had success in leveraging commercial off-the-shelf (COTS) tools. These tools are evaluated and procured based on welldefined needs and requirements. They are integrated to higher-level CDSA views using aggregation tools, such as security information and event management (SIEM) and log management products or custom-developed data-processing pipelines.