# MITRE ATT\&CK and NIST CSF

Secure Web Gateways (SWG) and Cloud Access Security Brokers (CASB) are well-known tools that organizations use to align their security strategy with multiple frameworks and to prevent the techniques those frameworks describe.

The dope difference is better architecture (Fly Direct and LLM-based DLP), which makes it easier to operate and gives you better control over coverage!

As a guide, here's what we align to:

***

### **MITRE ATT\&CK Alignment**

dope.security's capabilities align with the following **tactics and techniques**:

**Tactic: Initial Access**

* **Drive-by Compromise (T1189)** *(SWG)*\
  URL filtering blocks access to malicious or compromised websites, preventing malware infections.

**Tactic: Execution**

* **Malicious File Execution** *(SWG)*\
  SSL inspection prevents the download of malicious files hidden in encrypted traffic.

**Tactic: Persistence**

* **Boot or Logon Autostart Execution (T1547)** *(SWG)*\
  Cloud app control minimizes risks from persistent tools using cloud-based channels.

**Tactic: Command and Control (C2)**

* **Encrypted Channel (T1573)** *(SWG)*\
  SSL inspection detects and blocks encrypted malicious C2 communications by identifying unusual patterns or indicators.

**Tactic: Exfiltration**

* **Exfiltration Over Web Service (T1567)** *(SWG)*\
  Cloud app control and URL filtering block unauthorized file-sharing platforms, preventing data exfiltration.
* **Exfiltration Over Web Service: SaaS (T1567.002)** *(CASB Neural)*\
  Detects and remediates public or external sharing of sensitive documents in SaaS platforms like Office 365 and Google Workspace.

**Tactic: Discovery** *(CASB Neural)*

* **Cloud Service Discovery (T1526)**\
  Identifies and maps exposed sensitive documents in SaaS platforms.

**Tactic: Collection** *(CASB Neural)*

* **Data from Cloud Storage Object (T1530)**\
  Scans SaaS environments for sensitive files that may be improperly shared.

***

### **NIST Cybersecurity Framework Alignment**

dope.security aligns with several **functions and subcategories** of NIST CSF:

**Function: Identify**

* **Asset Management (ID.AM-1, ID.AM-2)** *(SWG)*\
  Maintains visibility over cloud app usage and destinations.
* **Risk Assessment (ID.RA-1, ID.RA-2)** *(CASB Neural)*\
  Identifies improperly shared sensitive documents, prioritizing risk mitigation.

**Function: Protect**

* **Access Control (PR.AC-4, PR.AC-5)** *(SWG)*\
  Enforces least privilege by restricting access to unauthorized apps and services.
* **Data Security (PR.DS-1, PR.DS-5, PR.DS-6)** *(SWG & CASB Neural)*\
  Secures data in transit via SSL inspection and mitigates risks of data leakage by remediating exposed SaaS files.
* **Protective Technology (PR.PT-1, PR.PT-2)** *(SWG)*\
  Integrates with protective systems to ensure real-time analysis and blocking of harmful traffic.

**Function: Detect**

* **Anomalies and Events (DE.AE-2)** *(CASB Neural)*\
  Detects unexpected public or external sharing of sensitive data.
* **Security Continuous Monitoring (DE.CM-7, DE.CM-8)** *(SWG)*\
  Monitors traffic to detect malicious activity or unusual patterns.

**Function: Respond**

* **Mitigation (RS.MI-1, RS.MI-2)** *(CASB Neural)*\
  One-click remediation of sensitive data exposure ensures rapid containment.
* **Response Planning (RS.RP-1)** *(SWG)*\
  Enforces immediate response to malicious activity.

**Function: Recover**

* **Improvements (RC.IM-1)** *(SWG & CASB Neural)*\
  Provides insights for continuous improvement of security policies and data protection strategies.

***

In summary:

* **SWG (URL Filtering, SSL Inspection, Cloud App Control, etc.):** Protects against malicious access, data exfiltration, and encrypted threats while ensuring compliance with organizational policies.
* **CASB Neural:** Enhances SaaS data security by identifying and remediating improperly shared sensitive files, aligning with data protection and risk mitigation requirements.
