MITRE ATT&CK is a platform that organizes and categorizes various types of tactics, techniques, and procedures used by threat actors in the digital world, helping organizations pinpoint gaps in their cyber-defenses. MITRE ATT&CK is based on Lockheed Martin’s Cyber Kill Chain.
The goal is to create a comprehensive list of known adversary tactics and techniques used during a cyberattack. Open to government, education, and commercial organizations, it should be able to collect a wide, and hopefully exhaustive, range of attack stages and sequences.
All the information that is collected about attacks is presented in various matrices, such as enterprise, mobile and pre-attack matrices. Each matrix is divided into a series of tactics. Each tactic is divided into specific techniques corresponding to each type of attack.
There are a number of ways an organization can use MITRE ATT&CK. Here are the primary use cases.
Adversary Emulation – Create adversary emulation scenarios to test and verify defenses against common adversary techniques.
Red Teaming – Create red team plans and organize operations to avoid certain defensive measures that may be in place within a network.
Behavioral Analytics Development – Construct and test behavioral analytics to detect adversarial behavior within an environment.
Defensive Gap Assessment – Assess tools, monitoring, and mitigations of existing defenses within an organization’s enterprise.
SOC Maturity Assessment – Determine how effective a SOC is at detecting, analyzing, and responding to intrusions.
Cyber Threat Intelligence Enrichment – Understanding and documenting adversary group profiles from a behavioral perspective that is agnostic of the tools the group may use.