MITRE ATT&CK Framework
MITRE ATT&CK is an accessible and curated knowledge base and model for cyber adversary behavior.
The acronym stands for Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). It reflects the several phases of an adversary’s attack lifecycle, and the platforms they are known to target.
History of MITRE ATT&CK
MITRE ATT&CK was created in 2013 as a result of MITRE’s Fort Meade Experiment (FMX) where researchers emulated both adversary and defender behavior to improve post-compromise detection of threats through telemetry sensing and behavioral analysis.
The researchers developed ATT&CK to use as a tool to categorize adversary behavior after asking themselves one question, “How well are we doing at detecting documented adversary behavior?”
MITRE developing the ATT&CK framework was crucial for the cybersecurity industry because of the massive volume and breadth of attack tactics. The amount of attack tactics makes it nearly impossible for one organization to monitor every possible attack type.
Breakdown of the MITRE ATT&CK Framework
Resembling a periodic table, the ATT&CK matrix structure has column headers outlining phases in the attack chain. They have rows to detail specific techniques used by adversaries to accomplish a particular objective.
The objectives are categorized into several tactics in the ATT&CK Matrix, such as reconnaissance, initial access, and defense evasion, to name a few.
Each tactic from the matrix has an adversary technique. The technique describes the activity that is carried out by the adversary. Keep in mind that MITRE has ATT&CK broken out into different matrices such as Enterprise, Mobile, and PRE-ATT&CK.
The Enterprise matrix is composed of techniques and tactics specific to Windows, Linux, and MacOS systems. Mobile is made up of tactics and techniques for mobile devices, and PRE-ATT&CK is related to what an attacker would do before attempting to exploit a specific target network or system.
How Does the MITRE ATT&CK Framework Apply to Organizations?
The ATT&CK Framework is a recognized authority on understanding what behaviors and techniques hackers use against organizations today.
It provides security teams with practical applications and provides industry professionals with a common vocabulary to discuss and understand these adversary methods.
Here are some ways the MITRE ATT&CK Framework comes in handy:
- Prioritizing detection based on a company’s specific and unique environment
- Evaluating current defenses
- Tracking cybercriminal techniques to inform cybersecurity roadmap
Sedara Whiteboard Series
Still have questions?
Sedara is equipped with a team of security professionals and experts who can help you better understand and protect your cybersecurity environment. If you want to keep your organization protected, reach out to us.
Subscribe to Sedara Declassified to get timely updates on new and evolving threats–and what to do about them–just like our clients do.