
MITRE ATT&CK and NIST CSF

SWGs and CASBs are well-known tools that organizations use to align their security strategy with multiple frameworks and to prevent the techniques those frameworks describe.

The dope difference is a better architecture (Fly Direct and LLM-based DLP), making it easier to operate and giving you better control coverage!

As a guide, here's what we align to:


MITRE ATT&CK Alignment

dope.security's capabilities align with the following tactics and techniques:

Tactic: Initial Access

  • Drive-by Compromise (T1189) (SWG): URL filtering blocks access to malicious or compromised websites, preventing malware infections.

Tactic: Execution

  • Malicious File Execution (SWG): SSL inspection prevents the download of malicious files hidden in encrypted traffic.

Tactic: Persistence

  • Boot or Logon Autostart Execution (T1547) (SWG): Cloud app control minimizes risks from persistent tools using cloud-based channels.

Tactic: Command and Control (C2)

  • Encrypted Channel (T1573) (SWG): SSL inspection detects and blocks encrypted malicious C2 communications by identifying unusual patterns or indicators.

Tactic: Exfiltration

  • Exfiltration Over Web Service (T1567) (SWG): Cloud app control and URL filtering block unauthorized file-sharing platforms, preventing data exfiltration.

  • Exfiltration Over Web Service: SaaS (T1567.002) (CASB Neural): Detects and remediates public or external sharing of sensitive documents in SaaS platforms like Office 365 and Google Workspace.

Tactic: Discovery (CASB Neural)

  • Cloud Service Discovery (T1526): Identifies and maps exposed sensitive documents in SaaS platforms.

Tactic: Collection (CASB Neural)

  • Data from Cloud Storage Object (T1530): Scans SaaS environments for sensitive files that may be improperly shared.


NIST Cybersecurity Framework Alignment

dope.security aligns with several functions and subcategories of NIST CSF:

Function: Identify

  • Asset Management (ID.AM-1, ID.AM-2) (SWG): Maintains visibility over cloud app usage and destinations.

  • Risk Assessment (ID.RA-1, ID.RA-2) (CASB Neural): Identifies improperly shared sensitive documents, prioritizing risk mitigation.

Function: Protect

  • Access Control (PR.AC-4, PR.AC-5) (SWG): Enforces least privilege by restricting access to unauthorized apps and services.

  • Data Security (PR.DS-1, PR.DS-5, PR.DS-6) (SWG & CASB Neural): Secures data in transit via SSL inspection and mitigates risks of data leakage by remediating exposed SaaS files.

  • Protective Technology (PR.PT-1, PR.PT-2) (SWG): Integrates with protective systems to ensure real-time analysis and blocking of harmful traffic.

Function: Detect

  • Anomalies and Events (DE.AE-2) (CASB Neural): Detects unexpected public or external sharing of sensitive data.

  • Security Continuous Monitoring (DE.CM-7, DE.CM-8) (SWG): Monitors traffic to detect malicious activity or unusual patterns.

Function: Respond

  • Mitigation (RS.MI-1, RS.MI-2) (CASB Neural): One-click remediation of sensitive data exposure ensures rapid containment.

  • Response Planning (RS.RP-1) (SWG): Enforces immediate response to malicious activity.

Function: Recover

  • Improvements (RC.IM-1) (SWG & CASB Neural): Provides insights for continuous improvement of security policies and data protection strategies.


In summary:

  • SWG (URL Filtering, SSL Inspection, Cloud App Control, etc.): Protects against malicious access, data exfiltration, and encrypted threats while ensuring compliance with organizational policies.

  • CASB Neural: Enhances SaaS data security by identifying and remediating improperly shared sensitive files, aligning with data protection and risk mitigation requirements.

Last updated 5 months ago