Dashboard Update: NIST Subcategories, MITRE Subtechniques and Mitigations
All from the Products page
It has been a year since we began ingesting products into the only platform for cybersecurity industry research. Through several iterations we have gone deeper and deeper into product details, use cases, integrations, and deployments. In response to requests, we added MITRE ATT&CK alignments for each of the 9,862 products we have discovered from 4,155 vendors. Every CISO we talked to then asked for NIST CSF alignments, which we announced in July.
Let’s use Sixmap’s Computational Mapping platform as an example. We have determined that the tool covers 13 NIST CSF 2.0 controls and 30 MITRE Techniques.
Just showing the controls in these product pages is great. But the Dashboard is quickly evolving into a product discovery and selection tool for security teams. Eventually that means that a customer will be able to upload or input their entire security stack and get an immediate analysis of their coverage of any framework or standard. It will identify potential areas to save costs by highlighting overlap in capabilities. And it will show gaps in coverage.
A critical capability is search on these elements of NIST and MITRE. Note the highlighted NIST CSF 2.0 control in this screenshot of the product search page.
Also note that you can choose to search on all of the MITRE Enterprise Matrix and the MITRE Enterprise Mitigations.
The results for searching on DE-AE-8 (Detect, Adverse Events, 08) reveal 141 products from 110 vendors, including from Proficio.
You can see where this is going. We are convinced that this is the first and only platform that addresses some severe limitations in the ability of traditional analyst firms to cover the cybersecurity industry. There are close to 10,000 products, yet firms like Gartner write about less than 2% of them in their published research. Only by capturing all products and as much detail as possible about each one is it possible to find the optimal match.
You may have noticed that it has been over three weeks since my last post. That is because things are moving fast at IT-Harvest. Stay tuned for some big announcements in the new year. Besides, I am busy writing Security Yearbook 2025. :-)