The Azure Security Stack Mappings
The Azure Security Stack Mappings are a collaboration between the MITRE Engenuity Center for Threat-Informed Defense and Microsoft that maps every native security control of Microsoft’s Azure platform to the MITRE ATT&CK framework.
The thought process behind the Security Stack Mappings was that organisations running Azure lacked a comprehensive way of addressing how security controls perform at defending against adversary TTPs (tactics, techniques and procedures). As a result, MITRE and Microsoft developed a scoring methodology that shows how effective the native security controls in Azure are at protecting against adversary TTPs.
As Microsoft explains: “The project aims to fill an information gap for organizations seeking proactive security awareness about the scope of coverage available natively in Azure. The project does this by creating independent data showing how built-in security controls for a given technology platform, in this case Azure, secure their assets against the adversary tactics, techniques, and procedures (TTPs) most likely to target them.”
The mappings come in various forms:
HTML — via the MITRE ATT&CK GitHub
JSON — via MITRE ATT&CK Navigator (also available via GitHub)
One thing I love about using the JSON version of the mappings is that, as you can see from the picture above, each mapping is colour coded and annotated. Clicking an item in the mapping shows more information about it, which gives more clarity and understanding of the scores and explains how each control relates to the framework.
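To show what those colour-coded annotations look like as data, here is an added example (not from the original post or from the MITRE/Microsoft project) that reads a Navigator-format layer and reports, for a watchlist of technique IDs, which ones carry a mapping and with what score, colour and comment. The layer contents, control names, scores and the `coverage_report` helper are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in ATT&CK Navigator layer format; control names,
# scores, colours and comments are invented for illustration only.
SAMPLE_LAYER = json.dumps({
    "name": "constructed-azure-control-layer",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1110", "score": 75, "color": "#2e7d32",
         "comment": "Example Control A: constructed annotation"},
        {"techniqueID": "T1078", "score": 25, "color": "#ffb300",
         "comment": "Example Control A: constructed annotation"},
        {"techniqueID": "T1110", "score": 25, "color": "#ffb300",
         "comment": "Example Control B: constructed annotation"},
        {"techniqueID": "T1190", "enabled": False},
    ],
})

def coverage_report(layer_json, watchlist):
    """Map each watchlisted technique ID to its annotations in the layer."""
    layer = json.loads(layer_json)
    found = defaultdict(list)
    for entry in layer.get("techniques", []):
        tid = entry.get("techniqueID")
        # Skip disabled entries and entries that carry no score or colour.
        if not tid or entry.get("enabled", True) is False:
            continue
        if "score" not in entry and "color" not in entry:
            continue
        found[tid].append({"score": entry.get("score"),
                           "color": entry.get("color"),
                           "comment": entry.get("comment", "")})
    report = {}
    for tid in watchlist:
        # Strongest annotation first, so the best score is easy to read off.
        hits = sorted(found.get(tid, []),
                      key=lambda h: h["score"] or 0, reverse=True)
        report[tid] = {"covered": bool(hits),
                       "best_score": hits[0]["score"] if hits else None,
                       "annotations": hits}
    return report

if __name__ == "__main__":
    watch = ["T1110", "T1078", "T1190", "T1486"]
    for tid, row in coverage_report(SAMPLE_LAYER, watch).items():
        print(tid, "covered" if row["covered"] else "NO MAPPING", row["best_score"])
```

Techniques on the watchlist that come back with no mapping are the ones to review for compensating controls.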
The Azure Security Stack Mappings give organisations a way to be proactive in clarifying how the native Azure security controls stack up against TTPs in the MITRE ATT&CK framework, which helps them protect Azure more easily. That is good news for everyone.