MITRE ATT&CK: Some Insights in Developing Your Strategies
The MITRE ATT&CK® framework is a knowledge base of tactics and techniques used by attackers, compiled from real-world cyber-attack observations. MITRE brings communities together to develop more effective cybersecurity protection by gathering the threat intelligence information needed to thwart these attacks.
What is MITRE?
The MITRE Corporation is a non-profit organization, founded in 1958, that provides engineering and technical guidance on advanced technology problems like cybersecurity.
Why is ATT&CK important?
ATT&CK assembles information on how attackers behave to help organizations better protect themselves and defend against cyber threats.
What is an ATT&CK Matrix?
MITRE organizes its observations about attack behaviors into tables called Matrices. Each Matrix addresses a different target, like enterprise operating systems and cloud platforms, mobile devices, or industrial control systems.
What are TTPs?
ATT&CK’s descriptions of tactics, techniques, and procedures (TTPs) used by attackers provide deep insight into attacker behavior.
Why is MITRE important and how does it work?
MITRE compiles information from attacks so that cybersecurity professionals can incorporate this threat intelligence into their cyber defense operations, allowing them to test and determine whether any security gaps exist that may impact their operational resilience. As a result, organizations are better able to detect and mitigate attacks while building a threat-centric understanding of the company’s vulnerabilities as they plan their defenses.
Because cyber attacks are continually evolving, effective cybersecurity relies on gathering strong, ongoing intelligence built through analytics. That’s why leveraging the ATT&CK Framework is becoming a differentiating factor for those who want robust, effective, and proactive security in an ever-evolving threat ecosystem. By using analytics from a variety of sources and emulating attacker scenarios, organizations can better predict, prepare for, and detect cyberattacks, and create strategies to adapt and respond faster and more effectively.