MITRE ATT&CK Framework

InfosecTrain

What is the MITRE ATT&CK Framework?

In 2013, MITRE created the MITRE ATT&CK framework to record attackers' tactics and techniques as derived from real-world observations. The framework is designed to be more than a collection of facts; it is intended to be used as a tool for improving an organization's overall security posture. MITRE created ATT&CK as a methodology for describing and tracking the many tactics attackers employ to get into a network and exfiltrate data at the various phases of a cyberattack. ATT&CK is an acronym for Adversarial Tactics, Techniques, and Common Knowledge. The framework is a matrix of cyberattack techniques organized by tactic.


MITRE ATT&CK Matrices

The MITRE ATT&CK framework has three matrices:

ATT&CK for Enterprise: This matrix focuses on adversary behavior on Windows, Mac, Linux, and cloud systems. It emphasizes network defensive strategy by describing the tactics, techniques, and procedures (TTPs) attackers use once inside the network.

ATT&CK for Mobile: This matrix focuses on malicious behavior on the iOS and Android operating systems. It includes "network-based effects," meaning attack methods that can be carried out without direct access to the device.

Pre-ATT&CK: This matrix focuses on "pre-exploit" adversarial behavior. It helps security teams understand how attackers conduct reconnaissance and choose their point of entry, enabling them to monitor and identify attacker activity outside the confines of the corporate network.

Core Components of the ATT&CK Framework

MITRE ATT&CK Tactics

The core components of the ATT&CK framework are tactics, techniques, and sub-techniques. The MITRE ATT&CK matrix is a collection of methods adversaries use to reach a goal, and in the matrix these goals are classified as tactics. The most comprehensive edition, ATT&CK for Enterprise, covers Windows, macOS, Linux, AWS, GCP, Azure, Azure AD, Office 365, SaaS, and Network environments and classifies the following adversary tactics:


MITRE ATT&CK Techniques

A technique describes one specific way an adversary may attempt to achieve a tactical goal. Each tactic category contains many techniques. MITRE ATT&CK currently recognizes 185 techniques and 367 sub-techniques for enterprise.

MITRE ATT&CK Procedures

Procedures are detailed descriptions of how an adversary goes about achieving its objective. They represent the "common knowledge" (CK) part of ATT&CK.
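As an added illustration of how these components nest (tactics contain techniques, techniques contain sub-techniques), the following script, which is not from the original post, parses a constructed miniature of the public ATT&CK STIX bundle layout and builds a per-tactic matrix. The field names (attack-pattern, external_references, kill_chain_phases, x_mitre_is_subtechnique, revoked) follow MITRE's published STIX data; the sample objects themselves are constructed.

```python
import json
import re
from collections import defaultdict
# Constructed miniature of the public ATT&CK STIX bundle layout (sample data, not real objects):
# an attack-pattern carries its ID in external_references and its tactic(s) in kill_chain_phases.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "attack-pattern", "name": "Phishing", "x_mitre_is_subtechnique": False,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
    {"type": "attack-pattern", "name": "Spearphishing Attachment", "x_mitre_is_subtechnique": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566.001"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
    {"type": "attack-pattern", "name": "Valid Accounts", "x_mitre_is_subtechnique": False,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]},
    {"type": "attack-pattern", "name": "Retired Example", "revoked": True,  # must be skipped
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]},
]})

TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # T1566 (technique) or T1566.001 (sub-technique)
def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1566.001) from a STIX object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack" and TECHNIQUE_ID.match(ref.get("external_id", "")):
            return ref["external_id"]
    return None

def build_matrix(bundle_json):
    """Group live techniques by tactic: {tactic: {technique_id: [sub_technique_ids]}}."""
    objects = json.loads(bundle_json)["objects"]
    # Revoked and deprecated objects stay in the bundle; drop them or counts are inflated.
    live = [o for o in objects if o.get("type") == "attack-pattern"
            and not o.get("revoked") and not o.get("x_mitre_deprecated")]
    matrix = defaultdict(dict)
    # Parents first (False sorts before True) so each sub-technique attaches under its parent.
    for obj in sorted(live, key=lambda o: bool(o.get("x_mitre_is_subtechnique"))):
        tid = attack_id(obj)
        if tid is None:
            continue
        parent = tid.split(".")[0]
        for phase in obj.get("kill_chain_phases", []):  # one technique may serve several tactics
            if phase.get("kill_chain_name") != "mitre-attack":
                continue
            cell = matrix[phase["phase_name"]].setdefault(parent, [])
            if obj.get("x_mitre_is_subtechnique"):
                cell.append(tid)
    return dict(matrix)
```

Pointing build_matrix at the real enterprise-attack bundle gives the technique and sub-technique counts the text quotes, with one column per tactic.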

MITRE ATT&CK vs. the Cyber Kill Chain

In general, both models follow the same pattern: get in, avoid discovery, and steal things. Both describe the behaviors an attacker goes through to achieve their goal. The major difference between MITRE ATT&CK and the Cyber Kill Chain is that in MITRE ATT&CK an attack chain has ten steps, whereas the Cyber Kill Chain uses seven steps to identify an attack.

Unlike the Cyber Kill Chain, MITRE ATT&CK also describes the specific techniques that can be employed at each stage, providing more granularity within each attack chain tactic.

MITRE ATT&CK's Uses

The MITRE ATT&CK framework can aid an organization in a variety of ways. The following are some of the general advantages of using it:


MITRE ATT&CK with InfosecTrain

For individuals who want to improve their expertise in the field of cybersecurity, InfosecTrain offers a MITRE ATT&CK training course that teaches how to counter the techniques used by different cybersecurity threats.
