Ransomware is on the rise, massive data breaches are announced with scary regularity, and APTs continue to nestle themselves in networks, going completely undetected for months and sometimes even years. Although organizations across all industries keep increasing their cybersecurity budgets and hiring more staff, these measures are still neither sufficient nor effective enough.
Lately, there has been a lot of noise around ATT&CK™, the Adversarial Tactics, Techniques, and Common Knowledge base of MITRE, the non-profit organization that operates research and development centers sponsored by the federal government.
ATT&CK™ is becoming popular because it is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. As such, it can serve as a base for developing specific threat models. This is especially useful for understanding security risks against known malicious behavior, for planning security improvements, and for verifying that the cybersecurity tools in place behave as expected.
So how exactly does it help? The enterprise model and framework describe how attacks can unfold in order to compromise an organization.
The ATT&CK™ framework can be used to better characterize and describe the attacker’s behavior after an attack has taken place, since it details the tactics, techniques, and procedures (TTPs) used in both APT campaigns and sporadic attacks. This is especially useful for red and blue teams testing the security posture of their organization. A Breach & Attack Simulation platform, such as the one from Cymulate, coupled with the threat detection framework of ATT&CK™, assists with testing a myriad of attack scenarios, as well as adversary TTPs. With the testing results, cybersecurity staff can mitigate threats before they have a chance to compromise the organization’s network.
The latest version of MITRE’s ATT&CK knowledge base is available on MITRE’s website.