Quantify Red Canary's Threat Coverage Using MITRE ATT&CK
    • 18 Jul 2024

    Building a great security operations program depends on layering the right detection techniques and security products to cover the appropriate number of adversary techniques for your business. This has historically been very difficult because most security products take a black-box approach that does not transparently explain which techniques are covered.

    We strive to make Red Canary’s coverage of adversary techniques transparent and understandable so you can ensure that your program is investing in the right security solutions.

    Red Canary detection analytics are mapped to the MITRE ATT&CK® framework to ensure consistent language around adversary techniques. All behavioral detection analytics are mapped to one or more associated MITRE ATT&CK techniques.

    View a MITRE ATT&CK matrix of Red Canary detector coverage for adversary techniques

    You can view a MITRE ATT&CK matrix that highlights which techniques are associated with one or more detection analytics.

    All techniques with one or more associated Red Canary detection analytics are shaded green to indicate a level of coverage.

    Export the Red Canary threat coverage matrix to layer your coverage in MITRE ATT&CK Navigator

    1. From the navigation menu, click Analytics.

    2. Click the Attack Techniques tab to see a matrix of all adversary techniques.

    3. Click Export Navigator Layers, and then select Techniques covered by Red Canary detectors.

    4. A Navigator layer file will be downloaded; import this file into your MITRE ATT&CK Navigator.
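Once the layer file is exported, it can also be combined with layers from other products outside the Navigator UI. The following is an added example, not Red Canary code: it merges layers and reports priority techniques that no source covers. It assumes the export follows the standard ATT&CK Navigator layer JSON format (a `techniques` array of `techniqueID` entries) and that every listed, non-disabled technique counts as covered; the sample layers, the second product, and the priority list are constructed.

```python
import json

# Constructed sample layers in ATT&CK Navigator layer JSON; not real exports.
RED_CANARY_LAYER = json.dumps({
    "name": "Techniques covered by Red Canary detectors (constructed sample)",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1059", "color": "#31a354"},
        {"techniqueID": "T1059.001", "color": "#31a354"},
        {"techniqueID": "T1003", "color": "#31a354"},
        {"techniqueID": "T1021", "enabled": False},
    ],
})
OTHER_TOOL_LAYER = json.dumps({
    "name": "Hypothetical second product (constructed sample)",
    "domain": "enterprise-attack",
    "techniques": [{"techniqueID": "T1059"}, {"techniqueID": "T1566"}],
})


def covered_ids(layer_text):
    """Technique IDs a layer lists and has not disabled (assumed to mean covered)."""
    layer = json.loads(layer_text)
    return {t["techniqueID"] for t in layer.get("techniques", [])
            if t.get("enabled", True)}


def combine(layers, priority_techniques):
    """Merge {source name: layer JSON text}; return (merged layer, uncovered priorities)."""
    sources = {name: covered_ids(text) for name, text in layers.items()}
    all_ids = set().union(*sources.values())
    first = json.loads(next(iter(layers.values())))
    # Carry domain/versions over from the first layer so the output matches the inputs.
    merged = {k: first[k] for k in ("domain", "versions") if k in first}
    merged["name"] = "Combined detection coverage"
    merged["techniques"] = [
        {"techniqueID": tid,
         "score": sum(tid in ids for ids in sources.values()),  # sources covering it
         "comment": ", ".join(sorted(n for n, ids in sources.items() if tid in ids))}
        for tid in sorted(all_ids)
    ]
    gaps = sorted(set(priority_techniques) - all_ids)
    return merged, gaps


if __name__ == "__main__":
    merged, gaps = combine(
        {"Red Canary": RED_CANARY_LAYER, "Other tool": OTHER_TOOL_LAYER},
        ["T1059", "T1566", "T1021", "T1486"])
    print(json.dumps(merged, indent=2))
    print("Priority techniques with no coverage:", gaps)
```

A score of 1 in the merged layer marks a technique that depends on a single product, which is worth reviewing alongside the uncovered list.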



