The cyber security industry is embracing and standardizing on the MITRE ATTACK framework, and concurrently we understand that vulnerability management by itself is not enough. We must combine risk-based vulnerability management with MITRE ATT&CK to expand our visibility and control of CVEs. This white paper explores how the Vulcan Cyber Voyager18 research team mapped relevant mitigation techniques to CVEs through machine learning and textual analysis.
How others have tried to map ATT&CK techniques to CVEs in the past - and the challenges they faced.
What our team did differently to ensure greater success and accuracy in mapping the MITRE ATT&CK framework.
Why textual analysis was eventually employed to augment the results.
The importance of continual updating and community input.