Research

ATT&CK & D3FEND with a CAVEAT - Discovering the Gaps and Plotting a Course for Cloud Specific Adversary Modeling

Cybersecurity practitioners continue to search for adversarial threat models to drive system assessment and operational analytic development. While the Lockheed Martin Cyber Kill Chain and the Microsoft STRIDE model have contributed to huge advancements in adversarial “Double Think”, MITRE’s ATT&CK Framework was developed to provide more granular detail on adversarial tactics, techniques, and procedures (TTPs). Still, developing an adversary model that addresses the mitigations demanded by NIST’s Cyber Security Framework (CSF) would appear to be an objective still out of reach. As MITRE’s D3FEND emerges to assist, the needs of the cloud security engineering industry remains a forgotten step child. The CSA-MITRE Cloud Adversarial, Vectors, Exploits, and Threats (CAVEAT) Collaboration seeks to bring more relevant content to the cloud security practice. This research will explore today’s available adversary models relevant cloud-based systems, examine their utility, and proposes a course of action for industry necessary to advance the state of the art for cloud adversary analysis.

Learn More / Get Involved: Email research@cloudsecurityalliance-dc.org

Chapter Research Publications

A Guided Approach to Support Your Zero Trust Strategy

As the world’s workforce sought to overcome the Covid-induced pandemic, a remote workforce suddenly became the new normal. At break-neck speed, information technology (IT) organizations were working to improve the security of millions of new endpoints that were accessing a network not optimized for remote work. To keep pace with these overwhelming security and risk management requirements, aggressive modernization initiatives were launched to include embracing new cloud-based services to quickly provision, operate, monitor and respond to security incidents. This emergent complex, hybrid infrastructure presented a new threat landscape that represents the new normal. It also became the perfect backdrop for the National Institute of Standards and Technology (NIST) to release its Special Publication (SP) 800-207 on Zero Trust Architectures (ZTAs) and in the United States, President Biden’s Executive Order 14028, Improving the Nation’s Cybersecurity, calling for the adoption of ZTAs.

As organizations contend with complying with a federal mandate, developing modernization journeys to the cloud and implementing resiliency from new attack vectors, the lead authors of this paper from the CSA-DC Chapter aimed to provide a guided approach on how organizations can navigate a highly complex environment to develop a Zero Trust (ZT) strategy.

Although ZT is in its infancy, we hope this paper provides a snapshot of the complexity and infancy of ZT adoption. We believe it helps IT stakeholders with a deeper understanding of:

• An evolving and broad technology landscape

• New government initiatives from CISA on a ZT Maturity Model

• Developing a ZT strategy through conducting a ZT Maturity Assessment and developing a ZT Roadmap

• The impact of technology, culture, policy, and regulatory factors have on the ability for organizations to adopt a ZTA

This paper concludes with Recommendations on how ecosystem stakeholders can improve collaboration to accelerate the adoption of ZT in their environments and meet government mandates.

Download Publication

Earning Trust in the 21st Century

In today’s interconnected and technology reliant world, the expectation of trust and need to trust is growing. Today’s trust-based solutions may become non-viable in the future. As use of the cloud grows, we are experiencing a shift in resource allocation from on-premise to off-premise systems. As systems move to cloud hosted environments, the loss of control over the access network becomes a concern. Today’s trust-based solutions typically start at the network level. If a user has access to a network, they are typically trusted to have access to some or all of the resources, data, and systems on that network.

But, when networks are unknown and untrusted, how is trust acquired? Zero Trust (ZT) architectures seek to provide access control techniques that assume the network is not trustworthy. One of the approaches suggested by industry is the use of trust scores. Like a credit score, a cyber trust score could be used to assess the risk potential associated with allowing any given user access to systems and information. But how would a trust score be calculated? Current approaches smack of a violation of privacy where the right to gain access is issued only by agreeing to be monitored.

This paper addresses the technical, social, policy, and regulatory issues associated with creating trust frameworks in a Zero Trust world. Industry and government are called to solve issues in ways that continue to protect the right to a users’ privacy.

Download Publication

CSA Research Artifact Library Access

Over the last 11 years, we have developed an extensive library of over 400 artifacts that speak to many different topics in cloud security. Accessing and downloading research has just become easier through our Research Artifacts Publications Library. Below are a few must-read artifacts:

• Security Guidance v4.0 - Critical Areas of Focus in Cloud Computing
• Cloud Controls Matrix v4(CCM)
• Consensus Assessment Initiative Questionnaire v3.1(CAIQ)
• Enterprise Architecture to CCM Shared Responsibility Delivery Model
• Top Threats to Cloud Computing - Egregious 11 Deep Dive
• Software Defined Perimeter Architecture Guide v2
• IoT Security Controls Framework v2

Engaging CSA Research

https://cloudsecurityalliance.org/research/

As chapter members you have the opportunity to influence, leverage and participate in all aspects of CSA's Research Lifecycle by engaging our Working Groups, Open Peer Reviews, Surveys. You also have access to over 200 previously recorded CloudBytes webinars, which are a great way to stay educated on the latest trends in cloud security and earn CPE credits. 

When in Doubt - Join a CSA Working Group! 

https://cloudsecurityalliance.org/research/working-groups/ 

Above is the link to our active working groups spanning many different domains of cloud security. Simply click the working group microsite and you'll have access to the working group description, charter, latest artifact releases and upcoming meetings. By joining a working group you'll have intimate access to the latest technical documents in development, invited to working group calls and opportunities to collaborate with SME's. To get started with joining a working group, you will need to create a profile on our community platform Circle. 

Circle - Your gateway to CSA resources, discussions and working groups! 

https://circle.cloudsecurityalliance.org/home

Once you've signed up a Circle profile, please make sure to join your Chapter community.  Below are a few steps to follow: 

1. Click on'Sign In' at the top, and sign in using your preferred mode (Google, LinkedIn, Microsoft, email).
2. Once you're in, you can click on 'Communities', then 'All Communities'. 
3. Look for the group of your choice on the list and click 'Join'.