The MITRE ATT&CK Framework: What You Need to Know

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen.
What is the MITRE ATT&CK Framework?
For those who are not familiar, ATT&CK is the Adversarial Tactics, Techniques, and Common Knowledge framework available from MITRE. It is a curated knowledge base of 11 tactics and hundreds of techniques that attackers can leverage when compromising enterprises.
There are five things I love about the various techniques.
Description
First is the description that each provides. Even though I have been in the security industry for what seems like a long time now, there’s always something new to learn. For all of the techniques with which I was not familiar, there were descriptions breaking down how the technique is leveraged and why it may be important for defenders to take a look.
Platform and Data Sources
From a practitioner standpoint, the platform and data sources sections are incredibly valuable because they tell me which systems I need to be monitoring and which telemetry I need to be collecting from them in order to detect abuse of the technique and, where possible, mitigate it. In some cases, there is detailed guidance on how to specifically mitigate or what to specifically monitor for the technique. However, many of the techniques lack prescriptive guidance.
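The practical use of those two sections is a visibility check: given the data sources you actually collect, which techniques can you hope to detect and which are blind spots. The script below is an added example, not code from the original post or from MITRE. It works on a hand-constructed bundle in the shape of MITRE's public ATT&CK STIX 2.x export (attack-pattern objects carrying x_mitre_platforms, x_mitre_data_sources, kill_chain_phases and a mitre-attack external_id); the technique IDs and names used are real, but the platform and data-source lists are abridged, and the revoked entry with placeholder ID T9999 is invented to show why revoked and deprecated objects must be filtered out. Pointing load_techniques at the real enterprise-attack.json is the intended use; the sample only keeps the example offline.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of MITRE's public ATT&CK STIX 2.x bundle
# (e.g. enterprise-attack.json). Technique IDs and names are real, but the
# platform/data-source lists are abridged by hand for an offline example,
# and the 'revoked' entry with placeholder ID T9999 is invented to show the
# filtering caveat. This is NOT the authoritative ATT&CK data.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-000000000010",
         "name": "Command and Scripting Interpreter",
         "x_mitre_platforms": ["Windows", "Linux", "macOS"],
         "x_mitre_data_sources": ["Process: Process Creation",
                                  "Command: Command Execution",
                                  "Script: Script Execution"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-000000000011",
         "name": "Scheduled Task/Job",
         "x_mitre_platforms": ["Windows", "Linux", "macOS"],
         "x_mitre_data_sources": ["Process: Process Creation",
                                  "Scheduled Job: Scheduled Job Creation",
                                  "File: File Modification"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1053"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-000000000012",
         "name": "OS Credential Dumping",
         "x_mitre_platforms": ["Windows", "Linux", "macOS"],
         "x_mitre_data_sources": ["Process: OS API Execution",
                                  "Process: Process Access",
                                  "Command: Command Execution",
                                  "File: File Access"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}]},
        {"type": "attack-pattern",  # invented, revoked: must be ignored
         "id": "attack-pattern--00000000-0000-4000-8000-000000000013",
         "name": "Retired placeholder technique",
         "revoked": True,
         "x_mitre_platforms": ["Windows"],
         "x_mitre_data_sources": ["Process: Process Creation"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}]},
    ],
})


def load_techniques(bundle_json):
    """Return live techniques as dicts: id, name, tactics, platforms, data_sources.

    Revoked or deprecated objects are skipped: the real bundle keeps them for
    history, and counting them silently inflates coverage numbers.
    """
    techniques = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        ext_id = next((r["external_id"] for r in obj.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if ext_id is None:
            continue
        techniques.append({
            "id": ext_id,
            "name": obj["name"],
            "tactics": [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                        if p.get("kill_chain_name") == "mitre-attack"],
            "platforms": obj.get("x_mitre_platforms", []),
            "data_sources": obj.get("x_mitre_data_sources", []),
        })
    return techniques


def techniques_by_data_source(techniques):
    """Index technique IDs by data-source component, e.g. 'Process: Process Creation'."""
    index = defaultdict(list)
    for t in techniques:
        for ds in t["data_sources"]:
            index[ds].append(t["id"])
    return {ds: sorted(ids) for ds, ids in index.items()}


def _matches(component, collected):
    # A collected entry may name a whole data source ('Process') or a single
    # component ('Process: Process Creation'); either counts as visibility.
    source = component.split(":", 1)[0].strip()
    return component in collected or source in collected


def coverage(techniques, collected, platform=None):
    """Split techniques into (covered, uncovered) ID lists given what you collect.

    'collected' is a set of data-source names or components; 'platform'
    optionally restricts the question to techniques that apply to that OS.
    """
    covered, uncovered = [], []
    for t in techniques:
        if platform and platform not in t["platforms"]:
            continue
        if any(_matches(ds, collected) for ds in t["data_sources"]):
            covered.append(t["id"])
        else:
            uncovered.append(t["id"])
    return sorted(covered), sorted(uncovered)


if __name__ == "__main__":
    techs = load_techniques(SAMPLE_BUNDLE)
    have = {"Process: Process Creation", "Command"}
    cov, gap = coverage(techs, have, platform="Windows")
    print("covered:", cov)
    print("no visibility:", gap)
```

Note that "covered" here only means a relevant data source is being collected at all; it says nothing about whether a detection exists for it. That is exactly the gap the post goes on to describe, where the technique page lists what to collect but not what to look for in it.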
Examples and Guidance
That’s where the examples come in handy. Every technique is based on real-world examples of how it has been leveraged by a piece of malware or campaign by a thre ..
