MITRE ATT&CK and NIST CSF

Secure Web Gateways (SWG) and Cloud Access Security Brokers (CASB) are well-known tools that organizations use to prevent the techniques catalogued in multiple security frameworks and to align their security strategy with those frameworks.

The dope difference is a better architecture, Fly Direct and LLM-based DLP, that makes it easier to operate and gives you better control over coverage!

As a guide, here's what we align to:


MITRE ATT&CK Alignment

dope.security's capabilities align with the following tactics and techniques:

Tactic: Initial Access

  • Drive-by Compromise (T1189) (SWG) URL filtering blocks access to malicious or compromised websites, preventing malware infections.

Tactic: Execution

  • Malicious File Execution (SWG) SSL inspection prevents the download of malicious files hidden in encrypted traffic.

Tactic: Persistence

  • Boot or Logon Autostart Execution (T1547) (SWG) Cloud app control minimizes risks from persistent tools using cloud-based channels.

Tactic: Command and Control (C2)

  • Encrypted Channel (T1573) (SWG) SSL inspection detects and blocks encrypted malicious C2 communications by identifying unusual patterns or indicators.

Tactic: Exfiltration

  • Exfiltration Over Web Service (T1567) (SWG) Cloud app control and URL filtering block unauthorized file-sharing platforms, preventing data exfiltration.

  • Exfiltration Over Web Service: SaaS (T1567.002) (CASB Neural) Detects and remediates public or external sharing of sensitive documents in SaaS platforms like Office 365 and Google Workspace.

Tactic: Discovery

  • Cloud Service Discovery (T1526) (CASB Neural) Identifies and maps exposed sensitive documents in SaaS platforms.

Tactic: Collection

  • Data from Cloud Storage Object (T1530) (CASB Neural) Scans SaaS environments for sensitive files that may be improperly shared.


NIST Cybersecurity Framework Alignment

dope.security aligns with several functions and subcategories of NIST CSF:

Function: Identify

  • Asset Management (ID.AM-1, ID.AM-2) (SWG) Maintains visibility over cloud app usage and destinations.

  • Risk Assessment (ID.RA-1, ID.RA-2) (CASB Neural) Identifies improperly shared sensitive documents, prioritizing risk mitigation.

Function: Protect

  • Access Control (PR.AC-4, PR.AC-5) (SWG) Enforces least privilege by restricting access to unauthorized apps and services.

  • Data Security (PR.DS-1, PR.DS-5, PR.DS-6) (SWG & CASB Neural) Secures data in transit via SSL inspection and mitigates risks of data leakage by remediating exposed SaaS files.

  • Protective Technology (PR.PT-1, PR.PT-2) (SWG) Integrates with protective systems to ensure real-time analysis and blocking of harmful traffic.

Function: Detect

  • Anomalies and Events (DE.AE-2) (CASB Neural) Detects unexpected public or external sharing of sensitive data.

  • Security Continuous Monitoring (DE.CM-7, DE.CM-8) (SWG) Monitors traffic to detect malicious activity or unusual patterns.

Function: Respond

  • Mitigation (RS.MI-1, RS.MI-2) (CASB Neural) One-click remediation of sensitive data exposure ensures rapid containment.

  • Response Planning (RS.RP-1) (SWG) Enforces immediate response to malicious activity.

Function: Recover

  • Improvements (RC.IM-1) (SWG & CASB Neural) Provides insights for continuous improvement of security policies and data protection strategies.


In summary:

  • SWG (URL Filtering, SSL Inspection, Cloud App Control, etc.): Protects against malicious access, data exfiltration, and encrypted threats while ensuring compliance with organizational policies.

  • CASB Neural: Enhances SaaS data security by identifying and remediating improperly shared sensitive files, aligning with data protection and risk mitigation requirements.
