If you work in cybersecurity, or even adjacent to it, you have no doubt heard of the MITRE ATT&CK Framework. You may already have been asked by your CISO to look into adding the framework to your defensive strategy. Let's look at what it is and how implementing it can strengthen your defensive posture and make your business community safer as well.
The MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) Framework is a knowledge base of cyber adversary behavior organized into three primary matrices: Enterprise, Mobile, and Industrial Control Systems (ICS). Note that when people refer to "the framework" without qualification, they almost always mean the Enterprise matrix. It provides a model your organization can use to understand the tactics, techniques, and procedures (TTPs) that adversaries use. The knowledge base already catalogs many adversary groups and the software they use (both malware and dual-use tools such as legitimate administration utilities), but the real power of ATT&CK is that it describes behavior rather than specific malware, so it can be used to describe any intrusion, whether it matches a catalogued group or is entirely new.
By providing a comprehensive, shared vocabulary for adversary behavior, the ATT&CK framework enables organizations to understand how attackers actually operate, to identify gaps in their own detection and prevention coverage (which techniques they could not see or stop today), and to develop more effective security controls and response strategies. Because everyone uses the same technique identifiers, the framework also gives organizations a common language for sharing threat information and collaborating on threat intelligence and response.
In the MITRE ATT&CK Framework, a tactic is the high-level goal of the attacker; in short, it is what the adversary hopes to achieve at a given stage. The Enterprise matrix currently has 14 tactics, running from Reconnaissance through Initial Access, Execution, Persistence and so on to Exfiltration and finally Impact. The matrix is laid out left to right in roughly the order an intrusion progresses, but a real attack need not enter at the leftmost column, visit every column, or reach the end; which tactics appear, and in what order, varies with the individual attack.
In the MITRE ATT&CK Framework, a technique is the method by which the adversary accomplishes a tactical goal. If tactics are the what, techniques are the how. Many techniques are further broken into sub-techniques that describe more specific variants (for example, Command and Scripting Interpreter has a PowerShell sub-technique). At the time of writing there are 193 techniques and 401 sub-techniques in the Enterprise matrix; these counts change with every ATT&CK release, so check the current version before quoting them.
A procedure is the specific implementation of a technique: for instance, an adversary uses PowerShell to silently create an administrator account. Another adversary might create the same account with the net.exe command instead. The technique (creating a local account) is the same in both cases; only the procedure differs, and that is the level at which most concrete detections are written.
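The following is an added example, not code from the original article or from MITRE, that shows the tactic, technique and procedure hierarchy in working code: a small slice of the Enterprise matrix (real ATT&CK IDs for Execution, Persistence, PowerShell, Create Account: Local Account and Account Manipulation) sits on top of procedure-level rules that match observable events, such as the PowerShell account creation described above and its `net user ... /add` equivalent. The sample events are constructed, their field names are a simplified version of Windows Security log fields (4688, 4720, 4732, 4624), and the output summary copies only the `techniqueID`/`score` shape of an ATT&CK Navigator layer; the full layer format has additional required fields that are omitted here.

```python
"""Tag constructed Windows Security events with ATT&CK tactic/technique IDs.

Added example (not code from the original article or from MITRE). Technique and
tactic IDs are real ATT&CK identifiers; the events are constructed samples with
simplified field names, not real logs.
"""
import json
import re

# A hand-picked slice of the Enterprise matrix (the real matrix has 14 tactics).
TACTICS = {
    "TA0002": "Execution",
    "TA0003": "Persistence",
}
# technique ID -> (name, tactic ID it is listed under in this slice)
TECHNIQUES = {
    "T1059.001": ("Command and Scripting Interpreter: PowerShell", "TA0002"),
    "T1136.001": ("Create Account: Local Account", "TA0003"),
    "T1098": ("Account Manipulation", "TA0003"),
}

# Constructed sample events, loosely modelled on Windows Security log fields
# (4688 process creation, 4720 account created, 4732 member added to a local
# group, 4624 logon). Field names are simplified for the example.
SAMPLE_EVENTS = [
    {"EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -w hidden -c "New-LocalUser -Name svc_backup"'},
    {"EventID": 4720, "TargetUserName": "svc_backup"},
    {"EventID": 4732, "TargetUserName": "Administrators", "MemberName": "svc_backup"},
    {"EventID": 4624, "TargetUserName": "alice", "LogonType": 2},
]

# Procedure-level patterns: two different ways of creating a local account
# (the PowerShell cmdlet and the classic "net user <name> <pw> /add").
ACCOUNT_CREATION_RE = re.compile(
    r"\bNew-LocalUser\b|\bnet1?\s+user\s+\S+\s+\S+\s+/add\b", re.IGNORECASE)


def _is_powershell(ev):
    """Process-creation event whose image is powershell.exe."""
    return ev.get("EventID") == 4688 and \
        ev.get("NewProcessName", "").lower().endswith("powershell.exe")


def _creates_account(ev):
    """Account creation seen either as the 4720 audit event or in a command line."""
    if ev.get("EventID") == 4720:
        return True
    return bool(ACCOUNT_CREATION_RE.search(ev.get("CommandLine", "")))


# Each rule maps a procedure (what we can observe) to a technique ID.
RULES = [
    ("T1059.001", _is_powershell),
    ("T1136.001", _creates_account),
    ("T1098", lambda ev: ev.get("EventID") == 4732),
]


def classify(event):
    """Return the technique IDs whose rules match this event, in RULES order."""
    return [tid for tid, rule in RULES if rule(event)]


def tag_events(events):
    """Attach technique IDs and the tactics they belong to, to each event."""
    tagged = []
    for ev in events:
        techniques = classify(ev)
        tactics = sorted({TECHNIQUES[t][1] for t in techniques})
        tagged.append({"event": ev, "techniques": techniques, "tactics": tactics})
    return tagged


def build_layer(events, name="account-creation-detections"):
    """Count hits per technique using the techniqueID/score shape of an ATT&CK
    Navigator layer. Assumption: the full layer format needs more fields
    (version metadata etc.); only the minimal subset is produced here."""
    counts = {}
    for ev in events:
        for tid in classify(ev):
            counts[tid] = counts.get(tid, 0) + 1
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [{"techniqueID": t, "score": n}
                       for t, n in sorted(counts.items())],
    }


if __name__ == "__main__":
    for row in tag_events(SAMPLE_EVENTS):
        names = [TECHNIQUES[t][0] for t in row["techniques"]]
        print(row["event"]["EventID"], row["tactics"], names)
    print(json.dumps(build_layer(SAMPLE_EVENTS), indent=2))
```

Running the script tags the hidden-window PowerShell event with both T1059.001 (Execution) and T1136.001 (Persistence), the 4720 audit record with T1136.001 alone, and the group-membership change with T1098, while the ordinary interactive logon gets no tags. The point to take from it is that one technique can be detected from several different procedures and data sources, and that once events carry technique IDs the coverage summary falls out for free.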
There are multiple ways the MITRE ATT&CK framework can be implemented to improve an organization’s defensive posture. Here are 5 steps an organization can take to use the framework effectively:
As you can see, the MITRE ATT&CK framework is a comprehensive model that, when implemented, can improve your organization's defenses and give you a common vocabulary for sharing threat information within your industry. Coupled with cybersecurity training, it helps organizations recognize the stages of an attack and develop effective strategies for preventing, detecting, and responding to them. The framework is updated regularly to reflect the latest techniques and tactics seen in the wild, so mappings and technique counts should be revisited with each new release. By leveraging MITRE ATT&CK, organizations can better protect their assets and reduce the risk of cyberattacks.