The Center for Internet Security (CIS) unveiled its Community Defense Model (CDM). This defense model shows that the CIS Controls – a prioritized and prescriptive set of safeguards that mitigate the most common cyberattacks against systems and networks – mitigate approximately 83 percent of all attack techniques found in the MITRE ATT&CK Framework.
Providing a defensible basis
The CDM maps the Controls to the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework, and describes how data sources are used to support the mapping to specific Controls and their associated Sub-Controls (Safeguards). In addition, the CDM formalizes the documentation of the specific attack patterns mitigated by the Controls, including web-application hacking, insider and privilege misuse, malware, ransomware, and targeted intrusions.
CIS President and CEO, John Gilligan, said,
“Consistent with our mission, CIS is committed to providing both public and private sector organizations with the tools they can use to help mitigate cyber-attacks. The rigorous and data-driven analysis mapping of the CIS Controls to the MITRE ATT&CK Framework in our Community Defense Model is the most recent step we’re taking to help all organizations start secure and stay secure with basic cyber hygiene. The data and analysis behind this model provide a defensible basis for applying specific best practices to mitigate cyber-attacks.”
While ransomware attacks have been the most common type of attack over the last several years, there are several other attack techniques that can be just as challenging for any organization. The CIS Controls, which are separated into three Implementation Groups (IGs), defend against a variety of other attack techniques:
- Malware: Implementing IG1 of the CIS Controls can mitigate 79 percent of malware attack pattern techniques. Implementing IG1 is the definition of Basic Cyber Hygiene.
- Web-Application Hacking: 100 percent of instances of web-application hacking techniques can be defended against by implementing all of the CIS Controls.
- Insider Privilege & Misuse: 100 percent of the techniques can be defended against by properly implementing the CIS Sub-Controls in IG1.
- Targeted Intrusion: 80 percent of targeted intrusion techniques can be defended against by implementing all of the CIS Controls.
CIS developed this model by using publicly available data from sources including the Multi-State Information Sharing & Analysis Center (MS-ISAC), the 2019 Verizon DBIR, and CrowdStrike. These sources were used to identify the most relevant attack patterns and their frequency.