The MITRE ATT&CK Framework: Know Your Enemy

Techsense team | 8:12 am, 4th December

Protection against cyberattacks is a priority for modern business. Detecting threats requires a thorough understanding of the tactics and techniques attackers actually use, and organizations also need to know how to mitigate them. Adversaries keep adapting, however, and no single organization can observe every technique in use, let alone describe what it has seen in a way that other organizations can act on. To address these problems, MITRE created the ATT&CK framework in 2013 as a shared, public catalogue of adversary behavior.


What is the MITRE ATT&CK framework? 

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a publicly available knowledge base of adversary behavior: the techniques attackers use, the tactical goal each technique serves at a given phase of an attack, and the platforms it applies to. It is presented as a matrix of tactics and techniques that defenders use to classify observed attacks, map their detections and controls, and evaluate an organization's exposure.

The framework is designed to answer concrete questions about an intrusion. How did the attacker get in? How did they run code, escalate privileges and move between systems? What did they take or destroy? Answering such questions in a common vocabulary lets organizations choose defenses that would have stopped the attack and measure whether they are in place. Each ATT&CK technique is backed by real-world examples of observed adversary behavior drawn from public threat reporting, together with the procedures specific groups and malware families have used, platform-specific detection and mitigation guidance, and a standardized name and identifier that different teams and vendors can use to refer to the same behavior.


Who can use it?

ATT&CK is free to use, and any organization can use it, whether public, private, or non-profit. The Enterprise matrix covers Windows, macOS, Linux, PRE (the pre-compromise activity that precedes initial access), and cloud platforms; later versions also add network devices and containers. A separate Mobile matrix covers Android and iOS, and there is a further matrix for industrial control systems (ICS).


What does the MITRE ATT&CK matrix contain?

The MITRE ATT&CK matrix organizes techniques (how an adversary achieves a goal) under tactics (the goal itself). Each column of the matrix is a tactic; the cells beneath it are the techniques, many of which have sub-techniques, and a single technique can appear under more than one tactic. Enterprise ATT&CK defines 14 tactics, in roughly the order they occur during an intrusion:


1. Reconnaissance: Collecting information about the target organization before attacking it

2. Resource Development: Establishing infrastructure, accounts, and capabilities to support the attack

3. Initial Access: Getting a first foothold inside the target network

4. Execution: Running attacker-controlled code on a compromised system

5. Persistence: Keeping access across reboots, credential changes, and other interruptions

6. Privilege Escalation: Obtaining higher-level permissions

7. Defense Evasion: Avoiding detection, whether by disabling security tools or by hiding from them

8. Credential Access: Stealing account names, passwords, tokens, and other credentials

9. Discovery: Learning about the environment, its systems, users, and network

10. Lateral Movement: Moving from one system to another, often with stolen credentials or remote services

11. Collection: Gathering the data of interest before it is stolen

12. Command and Control: Communicating with compromised systems to control them, with varying degrees of stealth

13. Exfiltration: Getting the collected data out of the compromised network

14. Impact: Manipulating, destroying, or interrupting systems and data


Who can benefit from the MITRE ATT&CK Framework?

All organizations can benefit from the MITRE ATT&CK framework. They can use it to map incidents and threat intelligence onto a common set of techniques, spot patterns across intrusions, and measure which tactics their existing detections and controls actually cover.
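As an added example (not part of the original article and not MITRE's own tooling), the Python script below shows what classifying an attack, tracking it, and evaluating defensive coverage look like in practice. It embeds a hand-picked subset of real Enterprise technique IDs with the tactics they can serve; the full knowledge base is distributed as STIX bundles at https://github.com/mitre-attack/attack-stix-data, and a real deployment would load those instead of the embedded table. The detection rules and the incident timeline are constructed sample data.

```python
"""Map ATT&CK techniques to the 14 Enterprise tactics, validate an analyst's
incident timeline against the knowledge base, and report which tactics the
organisation's detection rules leave uncovered.  Example code written for
this article; the technique table is a hand-picked subset of ATT&CK
Enterprise, not the full knowledge base."""

from collections import defaultdict

# The 14 Enterprise tactics in the order the matrix presents them.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]

# Subset of real ATT&CK Enterprise techniques.  A technique can serve several
# tactics (e.g. T1078 Valid Accounts), which is why each value is a list.
TECHNIQUES = {
    "T1595": ("Active Scanning", ["Reconnaissance"]),
    "T1583": ("Acquire Infrastructure", ["Resource Development"]),
    "T1566": ("Phishing", ["Initial Access"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1053": ("Scheduled Task/Job", ["Execution", "Persistence", "Privilege Escalation"]),
    "T1078": ("Valid Accounts", ["Defense Evasion", "Persistence",
                                 "Privilege Escalation", "Initial Access"]),
    "T1562": ("Impair Defenses", ["Defense Evasion"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1082": ("System Information Discovery", ["Discovery"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1005": ("Data from Local System", ["Collection"]),
    "T1071": ("Application Layer Protocol", ["Command and Control"]),
    "T1041": ("Exfiltration Over C2 Channel", ["Exfiltration"]),
    "T1486": ("Data Encrypted for Impact", ["Impact"]),
}

# Constructed sample: which techniques the organisation's rules claim to detect.
DETECTION_RULES = {
    "phish-attachment": ["T1566"],
    "suspicious-powershell": ["T1059"],
    "lsass-access": ["T1003"],
    "mass-file-rename": ["T1486"],
}

# Constructed sample incident timeline: (time, host, technique, tactic it served).
INCIDENT = [
    ("09:02", "ws-17", "T1566", "Initial Access"),
    ("09:05", "ws-17", "T1059", "Execution"),
    ("09:06", "ws-17", "T1082", "Discovery"),
    ("09:20", "ws-17", "T1003", "Credential Access"),
    ("09:41", "ws-17", "T1021", "Lateral Movement"),
    ("09:42", "srv-fs1", "T1078", "Persistence"),
    ("09:50", "srv-fs1", "T1005", "Collection"),
    ("10:10", "srv-fs1", "T1041", "Exfiltration"),
    ("11:30", "srv-fs1", "T1486", "Impact"),
]


def tactics_for(technique_id):
    """Tactics an ATT&CK technique can serve; unknown IDs are an error, not a guess."""
    if technique_id not in TECHNIQUES:
        raise KeyError(f"{technique_id} is not in the embedded ATT&CK subset")
    return TECHNIQUES[technique_id][1]


def validate_incident(incident):
    """Return timeline entries whose tactic is not one the technique can serve.
    Catches analyst mislabels such as filing Phishing under Impact."""
    return [entry for entry in incident if entry[3] not in tactics_for(entry[2])]


def tactic_coverage(rules):
    """Map every tactic (matrix order) to the sorted technique IDs some rule detects."""
    covered = defaultdict(set)
    for technique_ids in rules.values():
        for tid in technique_ids:
            for tactic in tactics_for(tid):
                covered[tactic].add(tid)
    return {t: sorted(covered.get(t, ())) for t in TACTICS}


def coverage_gaps(rules):
    """Tactics with no detection rule at all, in matrix order."""
    return [t for t, tids in tactic_coverage(rules).items() if not tids]


def attack_path(incident):
    """Distinct tactics the intrusion passed through, ordered as in the matrix."""
    return sorted({tactic for *_, tactic in incident}, key=TACTICS.index)


def undetected_steps(incident, rules):
    """Timeline steps whose technique no rule covers: where the attacker walked unseen."""
    detected = {tid for tids in rules.values() for tid in tids}
    return [(t, host, tid) for t, host, tid, _ in incident if tid not in detected]


if __name__ == "__main__":
    assert not validate_incident(INCIDENT), "timeline has mislabelled tactics"
    print("Attack path:", " -> ".join(attack_path(INCIDENT)))
    print("Tactics with no detection:", ", ".join(coverage_gaps(DETECTION_RULES)))
    for t, host, tid in undetected_steps(INCIDENT, DETECTION_RULES):
        print(f"  {t} {host}: {tid} {TECHNIQUES[tid][0]} went undetected")
```

The design choice worth noting is that the analyst records the tactic each technique served, and the script validates that label against the knowledge base rather than inferring it: Valid Accounts (T1078) can serve four different tactics, so inferring the tactic from the technique alone would produce a misleading attack path. With the full STIX data loaded in place of the embedded table, the same three functions give a coverage heatmap per tactic, a validated intrusion narrative, and the list of steps that existing rules would have missed.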


