What Is Mitre ATT&CK?
MITRE Adversarial Tactics, Techniques, and Common Knowledge, a.k.a. MITRE ATT&CK®, is a framework created by MITRE in 2013 to document attacker tactics and techniques based on real-world observations.
Building on the Cyber Kill Chain, developed by Lockheed Martin in 2011, MITRE ATT&CK does not describe a single attack; instead it focuses on the indicators and tactics associated with specific adversaries. As organisations evolve, emulating both adversary and defender behaviour to advance post-compromise detection of threats becomes the cyber strength we seek.
Before MITRE ATT&CK.
Cyber Kill Chain is one of the best-known cyber threat intelligence frameworks.
It breaks an attack down into seven stages. By helping defenders pinpoint which stage an attack has reached, the Cyber Kill Chain guides the deployment of appropriate countermeasures.
The Center for Cyber Intelligence Analysis and Threat Research (CCIATR) provided a pivotal alternative to the Cyber Kill Chain. Its Diamond Model reduces the Kill Chain's seven steps to a sharp four, tracking the attacker, the victim, the attacker's capabilities and their infrastructure.
Modelled on these, MITRE ATT&CK emerged and has continually evolved with the threat landscape, becoming a renowned knowledge base that helps the industry understand attacker models, methodologies, and mitigations.
How Does MITRE ATT&CK Work?
The ATT&CK Framework describes three matrices, each consisting of tactics and the techniques associated with them: Enterprise, Mobile, and PRE-ATT&CK. The Enterprise matrix covers the tactics and techniques for the Windows, macOS, and Linux platforms, while the Mobile matrix covers those for the Android and iOS platforms. The PRE-ATT&CK matrix describes the tactics and techniques an attacker uses before attacking a target organisation.
What Are MITRE ATT&CK’s Tactics?
Tactics are the short-term goals that the adversary wants to achieve during an attack. The ATT&CK Framework has ten tactics, including:
- Initial Access.
- Privilege Escalation.
- Defence Evasion.
- Credential Access.
- Lateral Movement.
- Command & Control.
Techniques outline how adversaries achieve those objectives, whereas sub-techniques describe more specifically how a behaviour is used to achieve a goal.
Why Mitre ATT&CK?
From intrusion detection, threat hunting, security engineering and threat intelligence all the way to risk management, MITRE ATT&CK takes you one step closer to effective cybersecurity.
Integratable with different tools
Integrating ATT&CK's tactics and techniques with different tools and services can strengthen an organisation's security posture. It is already integrated into automated SIEM solutions; AlienVault USM, for example, incorporates the ATT&CK Framework's tactics and techniques.
A common ground for sharing information
Whenever addressing any threat actor, attack, or group, security analysts, defenders, and IR teams can use ATT&CK tactics and techniques as a common language.
MITRE and the blue team
MITRE ATT&CK as cyber threat intelligence
Efficiency enhancer of SOC
A security operations centre (SOC) team can use the tactics and techniques of ATT&CK to improve its efficiency. The team can anticipate attackers' behaviour by observing the tactics, techniques, and procedures they have used in the past. It also helps them evaluate their defensive strength and uncover misconfigurations and operational concerns.
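The following is an added example, not code from the original article or from MITRE. It models the structure described earlier (a matrix of tactics, techniques that may sit under more than one tactic, and sub-techniques beneath them) and then does the kind of defensive-strength evaluation a SOC would perform: detection rules tagged with technique IDs are mapped back onto the matrix to show which techniques under each tactic have at least one detection and which are gaps. The matrix slice uses public ATT&CK identifiers but is a small illustrative selection, not the full Enterprise matrix; the rule names, the Sigma-style `attack.tXXXX.XXX` tag convention and the functions `parse_technique_tag` and `coverage_by_tactic` are assumptions made for this example.

```python
"""Added example: a slice of the ATT&CK Enterprise matrix plus a per-tactic
detection-coverage report built from rules tagged with technique IDs."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed slice of the Enterprise matrix. Tactic and technique IDs are the
# public ATT&CK identifiers; the selection is illustrative, not complete.
TACTICS = {
    "TA0001": "Initial Access",
    "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion",
    "TA0006": "Credential Access",
    "TA0008": "Lateral Movement",
    "TA0011": "Command and Control",
}


@dataclass
class Technique:
    tid: str
    name: str
    tactics: tuple[str, ...]                      # one technique, several tactics
    subtechniques: dict[str, str] = field(default_factory=dict)


TECHNIQUES = {
    "T1566": Technique("T1566", "Phishing", ("TA0001",),
                       {"T1566.001": "Spearphishing Attachment",
                        "T1566.002": "Spearphishing Link"}),
    "T1078": Technique("T1078", "Valid Accounts", ("TA0001", "TA0004", "TA0005")),
    "T1548": Technique("T1548", "Abuse Elevation Control Mechanism", ("TA0004", "TA0005")),
    "T1003": Technique("T1003", "OS Credential Dumping", ("TA0006",),
                       {"T1003.001": "LSASS Memory"}),
    "T1021": Technique("T1021", "Remote Services", ("TA0008",),
                       {"T1021.001": "Remote Desktop Protocol"}),
    "T1071": Technique("T1071", "Application Layer Protocol", ("TA0011",),
                       {"T1071.001": "Web Protocols"}),
}

# Sigma-style technique tag: attack.t1003 or attack.t1003.001 (case-insensitive).
TAG_RE = re.compile(r"^attack\.(t\d{4})(?:\.(\d{3}))?$", re.IGNORECASE)


def parse_technique_tag(tag: str) -> str | None:
    """Return the canonical technique ID from a tag, e.g. 'attack.t1003.001'
    -> 'T1003.001'. Tactic tags such as 'attack.initial_access' give None."""
    m = TAG_RE.match(tag.strip())
    if not m:
        return None
    tid = m.group(1).upper()
    return f"{tid}.{m.group(2)}" if m.group(2) else tid


def coverage_by_tactic(rules: dict[str, list[str]]) -> tuple[dict, list[str]]:
    """Map rule tags onto the matrix and report, per tactic, which techniques
    have at least one rule and which are gaps. A rule tagged with a
    sub-technique also counts for its parent technique, because it detects at
    least one way that behaviour is used. IDs outside the matrix slice (typos,
    stale tags) are returned separately so they can be fixed."""
    covered: dict[str, set[str]] = {}        # technique ID -> rule names
    unknown: set[str] = set()
    for rule, tags in rules.items():
        for tag in tags:
            tid = parse_technique_tag(tag)
            if tid is None:
                continue
            parent = tid.split(".")[0]
            tech = TECHNIQUES.get(parent)
            if tech is None or ("." in tid and tid not in tech.subtechniques):
                unknown.add(tid)
                continue
            covered.setdefault(parent, set()).add(rule)

    report: dict[str, dict] = {}
    for ta_id, ta_name in TACTICS.items():
        in_tactic = [t for t in TECHNIQUES.values() if ta_id in t.tactics]
        hit = sorted(t.tid for t in in_tactic if t.tid in covered)
        gaps = sorted(t.tid for t in in_tactic if t.tid not in covered)
        report[ta_id] = {"tactic": ta_name, "covered": hit, "gaps": gaps,
                         "percent": round(100 * len(hit) / len(in_tactic))}
    return report, sorted(unknown)


# Constructed sample rule set: rule name -> tags, as a SIEM or Sigma repo might store them.
SAMPLE_RULES = {
    "email_attachment_macro": ["attack.initial_access", "attack.t1566.001"],
    "lsass_handle_access": ["attack.credential_access", "attack.t1003.001"],
    "rdp_logon_from_workstation": ["attack.lateral_movement", "attack.t1021.001"],
    "http_beacon_interval": ["attack.command_and_control", "attack.t1071.001"],
    "stale_rule_bad_id": ["attack.t9999"],   # constructed: not in the matrix slice
}

if __name__ == "__main__":
    report, unknown = coverage_by_tactic(SAMPLE_RULES)
    for ta_id, row in report.items():
        print(f"{ta_id} {row['tactic']:<22} {row['percent']:>3}%  gaps: {', '.join(row['gaps']) or '-'}")
    if unknown:
        print("unknown technique IDs in rules:", ", ".join(unknown))
```

Run stand-alone, the report shows Credential Access, Lateral Movement and Command and Control fully covered by the sample rules, Initial Access at 50% (Valid Accounts has no rule), and Privilege Escalation and Defense Evasion at 0%, which is exactly the kind of misconfiguration or blind spot the passage above says ATT&CK helps a SOC uncover. Because T1078 appears under three tactics, a single new rule for it would move all three percentages at once; that is why a technique's tactic list is modelled as a tuple rather than a single value.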
We at SecuriCentrix want the best for the best and are not willing to let you succumb to any threats.
For More Information,