MITRE Adds MacOS, Linux, More Data Types to ATT&CK Framework

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.

Nonprofit research organization MITRE has released the latest version of its ATT&CK framework, adding support for threat information affecting Apple's MacOS and various flavors of Linux, while also allowing more data sources and relationships. 


The release is one of two updates to the popular framework due out this year, with another planned for October. The two biggest changes are better support for the MacOS and Linux platforms and the adoption of more flexible ways of specifying the data needed to describe each threat technique. The release includes 16 new groups, 67 new pieces of software, and updates to 36 other groups and 51 software entries, according to MITRE.


The goal is to make the framework more functional, based on specific feedback from its community of users, says Adam Pennington, ATT&CK lead at MITRE.


"People look at ATT&CK as a way to map out and plan their defenses," he says. "We are seeing it used as a way for people to either start from a specific area — such as an adversary that they are worried about or some subset of an attack, and take a look at what their stance is in relation to each of those behaviors — or perhaps as a way to plan out behavioral analytics."


In a blog post published Thursday, the research organization stated that the update is designed to better connect offensive techniques with potential defensive actions. The intent is to tag every technique in the ATT&CK framework with "defensive-focused fields [and] properties as a way to help defenders detect and respond to attacks."


The ..
