Keep Adversaries at Bay With the MITRE ATT&CK Framework


Organizations are adopting the MITRE ATT&CK framework to map their cybersecurity threat detection, prevention and response capabilities to attack scenarios. MITRE, a nonprofit organization that has worked closely with the U.S. government to strengthen its cyberdefenses for more than four decades, developed the model after years of observing how real-world adversary groups operate.


ATT&CK stands for adversarial tactics, techniques and common knowledge. The first MITRE ATT&CK model was created in September 2013 and focused primarily on Windows. In May 2015, MITRE publicly released the framework with 96 techniques organized under nine tactics; the Enterprise matrix has since grown to 12 tactics, each containing many techniques. The framework is displayed as matrices whose columns are tactics (the adversary's goal at each stage, from initial access through exfiltration or impact) and whose cells are the techniques used to achieve that goal, so the matrix spans the entire attack life cycle. Because every entry is based on observed adversary behavior rather than on hypothetical attacks, the matrix identifies the behaviors that real attackers are most likely to exhibit during an intrusion, which is what makes it useful as a target for detection engineering.

Figure 1: A section of the MITRE ATT&CK Framework


The objective of MITRE ATT&CK is to create a comprehensive matrix of known adversary tactics and techniques used during cyberattacks. The framework is community-driven and updated regularly.


What Is the Value of MITRE ATT&CK?


Security operations center (SOC) analysts face myriad challenges every day. Below are some of the most common:


Security posture: Do we have adequate and effective security defenses?
Threat detection: Can we detect the threat flavor of the day? Is all the data we collect useful in fulfilling our mission?
Security tools: Do we have overlapping tool coverage? Are ..
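The coverage questions above are usually answered by mapping every detection or tool to the technique IDs it claims to cover and then reading the result back against the matrix: which tactics have no coverage at all, which techniques nobody detects, and which techniques several tools detect redundantly. The script below is an added example written for this page, not code from the original article or from MITRE. The technique IDs and tactic names are real ATT&CK Enterprise identifiers, but the matrix excerpt (two techniques per tactic) and the tool inventory are constructed for illustration, and the layer it emits is a minimal assumed shape of an ATT&CK Navigator layer, to be checked against the Navigator's layer format before importing.

```python
"""Map a detection inventory onto MITRE ATT&CK tactics and techniques.

Added example for this article, not code from the article or from MITRE.
The matrix excerpt and detection inventory are constructed; technique IDs
and tactic names are real Enterprise identifiers, but only a handful of the
matrix's techniques appear here.
"""
from collections import defaultdict
import json

# Constructed excerpt of the Enterprise matrix, in attack-stage order:
# tactic -> {technique ID: technique name}. T1053 (Scheduled Task/Job)
# appears under several tactics, exactly as it does in the real matrix.
MATRIX = {
    "Initial Access": {"T1566": "Phishing", "T1190": "Exploit Public-Facing Application"},
    "Execution": {"T1059": "Command and Scripting Interpreter", "T1053": "Scheduled Task/Job"},
    "Persistence": {"T1053": "Scheduled Task/Job", "T1547": "Boot or Logon Autostart Execution"},
    "Privilege Escalation": {"T1053": "Scheduled Task/Job", "T1068": "Exploitation for Privilege Escalation"},
    "Defense Evasion": {"T1070": "Indicator Removal", "T1027": "Obfuscated Files or Information"},
    "Credential Access": {"T1003": "OS Credential Dumping", "T1110": "Brute Force"},
    "Discovery": {"T1087": "Account Discovery", "T1018": "Remote System Discovery"},
    "Lateral Movement": {"T1021": "Remote Services", "T1570": "Lateral Tool Transfer"},
    "Collection": {"T1560": "Archive Collected Data", "T1005": "Data from Local System"},
    "Command and Control": {"T1071": "Application Layer Protocol", "T1105": "Ingress Tool Transfer"},
    "Exfiltration": {"T1041": "Exfiltration Over C2 Channel", "T1048": "Exfiltration Over Alternative Protocol"},
    "Impact": {"T1486": "Data Encrypted for Impact", "T1489": "Service Stop"},
}

# Constructed inventory: tool or rule set -> technique IDs it claims to detect.
DETECTIONS = {
    "EDR": {"T1059", "T1053", "T1003", "T1070", "T1547"},
    "Email gateway": {"T1566"},
    "NDR": {"T1071", "T1041", "T1021", "T1105"},
    "SIEM rules": {"T1110", "T1053", "T1059", "T1087"},
}


def covered_ids(detections):
    """Union of every technique ID any tool claims."""
    return set().union(*detections.values())


def coverage_by_tactic(matrix, detections):
    """Per tactic: (number of covered techniques, number of techniques in the excerpt)."""
    ids = covered_ids(detections)
    return {tactic: (len(set(techs) & ids), len(techs)) for tactic, techs in matrix.items()}


def gaps(matrix, detections):
    """Technique IDs in the matrix that no tool claims, in matrix order, deduplicated."""
    ids = covered_ids(detections)
    seen, out = set(), []
    for techs in matrix.values():
        for tid in techs:
            if tid not in ids and tid not in seen:
                seen.add(tid)
                out.append(tid)
    return out


def overlaps(detections):
    """Technique IDs claimed by two or more tools -> sorted list of those tools."""
    by_tid = defaultdict(list)
    for tool, tids in detections.items():
        for tid in tids:
            by_tid[tid].append(tool)
    return {tid: sorted(tools) for tid, tools in by_tid.items() if len(tools) > 1}


def navigator_layer(detections, name):
    """Minimal Navigator-style layer (assumed shape: name, domain, techniques[]),
    scoring each technique by how many tools claim it, so overlaps show as hotter cells."""
    counts = defaultdict(int)
    for tids in detections.values():
        for tid in tids:
            counts[tid] += 1
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [{"techniqueID": tid, "score": n} for tid, n in sorted(counts.items())],
    }


if __name__ == "__main__":
    for tactic, (hit, total) in coverage_by_tactic(MATRIX, DETECTIONS).items():
        flag = "  <-- no coverage" if hit == 0 else ""
        print(f"{tactic:22s} {hit}/{total}{flag}")
    print("Gaps:", ", ".join(gaps(MATRIX, DETECTIONS)))
    print("Overlaps:", overlaps(DETECTIONS))
    print(json.dumps(navigator_layer(DETECTIONS, "constructed coverage"), indent=1))
```

Reading the output against the matrix answers the three questions directly: Collection and Impact have no detections at all (posture), ten techniques in the excerpt are unwatched (detection), and the EDR and the SIEM rules both claim T1053 and T1059 (tool overlap, which is either welcome defense in depth or duplicated spend, depending on whether the two detections fire on different telemetry). In practice the matrix would be loaded from MITRE's published STIX data rather than typed in, and "claims to detect" should be validated with adversary emulation rather than taken from vendor documentation.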
