What is the MITRE ATT&CK Framework?
To prevent cyber attacks, the first step is to understand where a threat actor is likely to strike next: the common tactics an adversary uses, and how to stave off those attacks. The MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) Framework was created by MITRE in 2013 to do just that.
In short, the MITRE ATT&CK framework is a curated knowledge base of known adversary tactics and techniques. The data is drawn from publicly available cyber threat intelligence and incident reports, as well as research contributed by security analysts, and the knowledge base is continually updated as the threat landscape changes. Over the years it has grown into an invaluable resource for the cyber security community.
Open-source framework for threat modeling
As an open-source tool, the MITRE framework is freely available and has been widely adopted by the cyber security community. It's used by private enterprises and public agencies to improve their overall security posture and mitigate cyber risks.
It's frequently used to build threat models and methodologies, which can help identify a threat actor's likely next target or the high-risk assets within an organization. ATT&CK has become a key resource for understanding an adversary's behavior, motivation and intent.
At Netenrich
At Netenrich, security posture is mapped to MITRE ATT&CK. Netenrich's Resolution Intelligence Cloud™ platform automatically maps logs to the MITRE ATT&CK framework, which lets users identify and remedy detection gaps and gives comprehensive visibility into an enterprise's security, operations, and asset data.
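One way to run the kind of gap check described above, as an added example that is not Netenrich's code: detection rules tagged with ATT&CK technique IDs are mapped onto the tactics those techniques belong to, and any tactic with no rule behind it is reported as a gap. The matrix excerpt and the rule list are constructed for this example; a real run would load the full matrix from MITRE's published STIX data.

```python
# Excerpt of the ATT&CK Enterprise matrix, hand-entered for this example
# (technique ID -> name and the tactic IDs it sits under). A real run
# would load the full matrix from MITRE's published STIX data instead.
TECHNIQUES = {
    "T1566": ("Phishing", {"TA0001"}),
    "T1059": ("Command and Scripting Interpreter", {"TA0002"}),
    "T1078": ("Valid Accounts", {"TA0001", "TA0003", "TA0004", "TA0005"}),
    "T1003": ("OS Credential Dumping", {"TA0006"}),
    "T1021": ("Remote Services", {"TA0008"}),
    "T1071": ("Application Layer Protocol", {"TA0011"}),
    "T1041": ("Exfiltration Over C2 Channel", {"TA0010"}),
    "T1486": ("Data Encrypted for Impact", {"TA0040"}),
}
TACTICS = {
    "TA0001": "Initial Access", "TA0002": "Execution",
    "TA0003": "Persistence", "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion", "TA0006": "Credential Access",
    "TA0008": "Lateral Movement", "TA0010": "Exfiltration",
    "TA0011": "Command and Control", "TA0040": "Impact",
}
# Constructed sample: SIEM detection rules, each tagged with the technique
# IDs it is meant to catch. A hygiene alert may legitimately map to none.
RULES = [
    {"name": "suspicious powershell", "techniques": ["T1059"]},
    {"name": "lsass handle access", "techniques": ["T1003"]},
    {"name": "admin logon from unusual host", "techniques": ["T1078"]},
    {"name": "mail attachment with macro", "techniques": ["T1566"]},
    {"name": "disk usage threshold", "techniques": []},
    {"name": "mistyped tag", "techniques": ["T9999"]},  # no such technique
]

def coverage_by_tactic(rules, techniques=TECHNIQUES, tactics=TACTICS):
    """Map each tactic ID to the technique IDs some rule covers; also
    return tags that are not in the matrix so the rule owner can fix them."""
    covered = {tid: set() for tid in tactics}
    unknown = set()
    for rule in rules:
        for tech in rule["techniques"]:
            if tech not in techniques:
                unknown.add(tech)
                continue
            for tactic in techniques[tech][1]:
                covered[tactic].add(tech)
    return covered, unknown

def detection_gaps(rules, techniques=TECHNIQUES, tactics=TACTICS):
    """Tactic IDs with no covering rule at all: the gaps to remedy first."""
    covered, _ = coverage_by_tactic(rules, techniques, tactics)
    return sorted(t for t, techs in covered.items() if not techs)
```

With the sample rules, the four tactics on the right-hand side of the kill chain (Lateral Movement, Exfiltration, Command and Control, Impact) come back as gaps, and the mistyped tag is surfaced separately rather than silently counted as coverage.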