{"id":5046,"date":"2020-04-08T14:35:57","date_gmt":"2020-04-08T21:35:57","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5046"},"modified":"2020-12-16T17:30:08","modified_gmt":"2020-12-17T01:30:08","slug":"primary-applications-of-the-mitre-attck-framework","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/primary-applications-of-the-mitre-attck-framework\/","title":{"rendered":"Primary Applications of the MITRE ATT&CK Framework"},"content":{"rendered":"

The MITRE ATT&CK framework is being widely adopted by the cybersecurity industry because it provides a common language to communicate different methods by which threat actors (adversaries) can launch real-world cyberattacks, and how they can bypass your defenses to accomplish their mission. In this blog, we going to describe the primary ways MITRE ATT&CK data is being used by the cybersecurity professionals to identify gaps and strengthen defenses.<\/p>\n

Before we proceed, let\u2019s step back and take a moment to understand what is the MITRE ATT&CK framework and how it can be used to deconstruct various types of cyberattacks.<\/p>\n

What is MITRE ATT&CK?<\/h2>\n

MITRE ATT&CK<\/a> is a globally accessible knowledge base of tactics and techniques used by adversaries to launch cyberattacks. MITRE is a government funded research organization that started the project of gathering and curating real-world attack scenarios back in 2013. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge, which is growing repository of attacks openly shared with government, education and commercial organizations.<\/p>\n

Tactics and techniques<\/em> are a new way of representing the taxonomy of cyberattacks. Instead of looking at the results of a cyberattack after it is successful as Indicators of Compromise (IoCs)<\/em>, security analysts can use tactics and techniques to see how an attack is propagated as it is in progress. Tactics represents the \u201cwhy\u201d of the attack, techniques represent \u201chow\u201d the adversary achieves the tactical objective, and CK is the documented use of tactics and techniques by adversaries.<\/p>\n

Understanding MITRE ATT&CK Matrices<\/h2>\n

The MITRE ATT&CK matrix organizes all known attack tactics and techniques into an easy to understand format, with the 11 different tactics that represent the different stages of the attack across the top. Multiple techniques to accomplish each tactic is listed down each column. A successful cyberattack sequence is built from moving from the leftmost column (Initial Access) to the rightmost column (Exfiltration).<\/p>\n

\"\"<\/a><\/p>\n

As shown in the Table snippet above taken from the Enterprise MITRE ATT&CK matrix<\/a>, it lists 3 different techniques of launching a Spearphishing attack \u2013 via malicious file attachment, malicious link, and rogue service. The rest of the table is a comprehensive list of techniques for launching various cyberattacks in the enterprise. MITRE also has curated lists for attacks on mobile devices<\/a>, industrial control systems<\/a>, and pre-attack sequences<\/a> that are steps taken by adversaries before an attack is launched.<\/p>\n

Primary Applications of the MITRE ATT&CK Framework<\/h2>\n

Beyond offering a common language for describing cyberattacks, the ATT&CK framework is being used by cybersecurity professionals for testing adversarial behavior and strength of cyber defenses in the following ways.<\/p>\n