Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings

Research Article

Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK Framework

  • @INPROCEEDINGS{10.1007/978-3-031-06365-7_9,
        author={Michael Mundt and Harald Baier},
        title={Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT\&CK Framework},
        proceedings={Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings},
        proceedings_a={ICDF2C},
        year={2022},
        month={6},
        keywords={Cyber Threat Intelligence, Data exfiltration, Information Security Management System},
        doi={10.1007/978-3-031-06365-7_9}
    }
    
  • Michael Mundt
    Harald Baier
    Year: 2022
    Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK Framework
    ICDF2C
    Springer
    DOI: 10.1007/978-3-031-06365-7_9
Michael Mundt*, Harald Baier1
  • 1: Research Institute CODE
*Contact email: m.mundt@esri.de

Abstract

Network-based attacks and their mitigation are of increasing importance in our ever-connected world. Besides denial of service, a major goal of today’s attackers is to gain access to the victim’s data (e.g. for espionage or blackmailing purposes). Hence the detection and prevention of data exfiltration is one of the major challenges for institutions connected to the Internet. The cyber security community provides different standards and best practices at both a high and a fine-granular level to handle this problem. In this paper we propose a conclusive process, which links Cyber Threat Intelligence (CTI) and Information Security Management Systems (ISMS) in a dynamic manner to reduce the risk of unwanted data loss through data exfiltration. While both CTI and ISMS are widespread in modern cyber security strategies, most often they are implemented concurrently. Our process, however, is based on the hypothesis that the mitigation of data loss is improved if both CTI and ISMS interact with one another and complement each other conclusively. Our concept makes use of the MITRE ATT&CK framework in order to enable (partial) automatic execution of our process chain and to execute proactive simulations to measure the effectiveness of the implemented countermeasures and to identify any security gaps that may exist.

Keywords
Cyber Threat Intelligence, Data exfiltration, Information Security Management System
Published
2022-06-04
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-031-06365-7_9