
MITRE ATT&CK

- The Goal of ATT&CK

ATT&CK is a living, growing knowledge base of the tactics, techniques, and procedures (TTPs) used by advanced persistent threats (APTs) and other cybercriminals. MITRE makes the ATT&CK matrices freely accessible to the private sector, governments, the cybersecurity product and service community, and the general public.

ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cyber security threats. They are displayed in matrices whose columns are tactics (the adversary's goal at each stage of an intrusion, from initial system access through to data theft or control of the machine) and whose cells are the techniques used to achieve that goal; every technique carries a stable identifier (for example T1059) so that it can be referenced unambiguously. There are matrices for the common desktop platforms (Linux, macOS and Windows) as well as for mobile platforms. When this page was written, the framework identified more than 260 techniques mapped to 11 tactics; both counts grow with each release, so check the current version before relying on them.

The goal of ATT&CK is to build a comprehensive catalogue of the tactics and techniques adversaries are known to use during a cyberattack. Because contributions are open to government, educational and commercial organizations, the catalogue can draw on a wide, and hopefully exhaustive, range of observed attack stages and sequences. Above all, MITRE ATT&CK is intended to provide a standard taxonomy, so that when organizations communicate about an intrusion they can name the same behaviour with the same identifier instead of with vendor-specific or ad hoc terms.

ATT&CK has been rapidly adopted by the community because it maps and indexes virtually everything about an intrusion from both the attack and the defense side. It records threat groups and the TTPs attributed to them, and backs each entry with references and examples. Attack scenarios expressed in ATT&CK terms can be reproduced by red teams and used by blue teams to test whether their detections actually fire. Through the ATT&CK Evaluations there is now also published data on cybersecurity vendors, their products, and how those products detect the techniques exercised in emulated intrusions.
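As an added example of the taxonomy described above (this is the editor's code, not MITRE's and not part of the original page), the script below parses a hand-constructed subset of the STIX 2.x bundle format in which MITRE distributes ATT&CK, lays the techniques out under their tactics the way the matrix does, and then maps constructed SIEM-style alert lines tagged with technique IDs onto that matrix to show which tactics a detection set covers. Sub-technique IDs (T1059.001) roll up to their parent technique, retired entries (marked revoked or x_mitre_deprecated in the real data) are excluded from coverage, and ordering tactics by object order is a simplification of the real bundle's x-mitre-matrix ordering. The bundle contents and alert lines are constructed sample data, not real telemetry.

```python
import json
import re
from collections import OrderedDict

# Added example, not MITRE's tooling. The bundle and alerts below are constructed.
TECH_TAG = re.compile(r"technique=(T\d{4}(?:\.\d{3})?)")


def _tactic(short, name):
    return {"type": "x-mitre-tactic", "name": name, "x_mitre_shortname": short}


def _technique(ext_id, name, phases, revoked=False):
    # Shape of an ATT&CK attack-pattern object: ID in external_references,
    # tactic membership in kill_chain_phases under the "mitre-attack" chain.
    return {"type": "attack-pattern", "name": name, "revoked": revoked,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": p} for p in phases]}


SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--0f3a2c1e-5b7d-4c8e-9a1f-2d3e4f5a6b7c", "objects": [
    _tactic("initial-access", "Initial Access"),
    _tactic("execution", "Execution"),
    _tactic("persistence", "Persistence"),
    _technique("T1566", "Phishing", ["initial-access"]),
    _technique("T1059", "Command and Scripting Interpreter", ["execution"]),
    _technique("T1053", "Scheduled Task/Job", ["execution", "persistence"]),
    # T1064 Scripting was revoked when sub-techniques were introduced; it must not count.
    _technique("T1064", "Scripting", ["execution"], revoked=True),
]})

SAMPLE_ALERTS = [  # constructed SIEM lines, one detection rule firing per line
    "2024-03-01T10:02:11Z host=ws12 rule=encoded_powershell technique=T1059.001",
    "2024-03-01T10:05:40Z host=ws12 rule=schtasks_create technique=T1053.005",
    "2024-03-01T10:09:03Z host=ws07 rule=legacy_script_rule technique=T1064",
    "2024-03-01T10:11:57Z host=ws07 rule=suspicious_login",
]


def load_matrix(bundle_json):
    """Return (tactics in bundle order, live techniques {id: (name, [tactics])}, retired ids)."""
    tactics, techniques, retired = OrderedDict(), {}, set()
    for obj in json.loads(bundle_json)["objects"]:
        if obj["type"] == "x-mitre-tactic":
            tactics[obj["x_mitre_shortname"]] = obj["name"]
        elif obj["type"] == "attack-pattern":
            ext_id = next((r["external_id"] for r in obj.get("external_references", [])
                           if r.get("source_name") == "mitre-attack"), None)
            if ext_id is None:
                continue
            if obj.get("revoked") or obj.get("x_mitre_deprecated"):
                retired.add(ext_id)
                continue
            phases = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                      if p.get("kill_chain_name") == "mitre-attack"]
            techniques[ext_id] = (obj["name"], phases)
    return tactics, techniques, retired


def build_matrix(tactics, techniques):
    """Tactic columns in order; a technique with two tactics appears under both, as on the ATT&CK site."""
    matrix = OrderedDict((short, []) for short in tactics)
    for tid, (_name, phases) in sorted(techniques.items()):
        for phase in phases:
            matrix.setdefault(phase, []).append(tid)
    return matrix


def coverage(alert_lines, tactics, techniques, retired):
    """Map technique-tagged alerts onto tactics; return (covered ids per tactic, unmapped lines)."""
    covered = {short: set() for short in tactics}
    unmapped = []
    for line in alert_lines:
        m = TECH_TAG.search(line)
        parent = m.group(1).split(".")[0] if m else None  # T1059.001 rolls up to T1059
        if parent is None or parent in retired or parent not in techniques:
            unmapped.append(line)
            continue
        for phase in techniques[parent][1]:
            covered.setdefault(phase, set()).add(parent)
    return covered, unmapped


def coverage_summary(matrix, covered):
    """{tactic: (techniques with at least one detection, techniques in the matrix)}."""
    return {short: (len(covered.get(short, set())), len(ids)) for short, ids in matrix.items()}


if __name__ == "__main__":
    tactics, techniques, retired = load_matrix(SAMPLE_BUNDLE)
    matrix = build_matrix(tactics, techniques)
    covered, unmapped = coverage(SAMPLE_ALERTS, tactics, techniques, retired)
    for short, (hit, total) in coverage_summary(matrix, covered).items():
        print(f"{tactics[short]:<16} {hit}/{total} techniques covered: {sorted(covered[short])}")
    print("unmapped alerts:", len(unmapped))
```

The point of the roll-up and the retired-ID check is that a coverage figure computed from stale or sub-technique-level tags silently overstates or understates what a detection set really covers; with the real bundle, swap SAMPLE_BUNDLE for the enterprise-attack JSON MITRE publishes and the same functions apply.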

 

- MITRE

MITRE is a US government-funded, not-for-profit research organization based in Bedford, MA, and McLean, VA. It was spun out of MIT in 1958 and has been involved in a range of commercial and top-secret projects for a range of agencies, including the development of the FAA air traffic control system and the AWACS airborne radar system. MITRE has a substantial cybersecurity practice, including a research center funded by the National Institute of Standards and Technology (NIST).

Note: Interestingly, MITRE is not an acronym, though it is sometimes assumed to stand for Massachusetts Institute of Technology Research and Engineering. The name was coined by James McCormack, an early board member, who wanted a name that meant nothing but sounded evocative.

 

[More to come ...]
