MITRE ATT&CK

Think like an attacker to defend your enterprise

What is MITRE ATT&CK?

The MITRE Corporation, a nonprofit organization founded in 1958, does work for U.S. government agencies in a wide variety of areas. MITRE ATT&CK (Adversarial Tactics, Techniques, And Common Knowledge) was developed and released by MITRE Corp. in 2015. The MITRE ATT&CK framework is a comprehensive knowledge base of cyberattacker tactics and techniques gathered from actual observations of attacker behavior. Using the data contained in the MITRE ATT&CK knowledge base, anyone on your cyberdefense team can review and contrast attacker activity and then understand the best options for defense. The framework is free and open to everyone.

MITRE ATT&CK provides an objective environment in which to assess cybersecurity risk and identify potential security gaps. Once these gaps are understood, your organization can make objective decisions about addressing these risks. It then can identify priorities and make the best business decisions for deploying security controls and other resources.

Basic components of MITRE ATT&CK

  • The MITRE ATT&CK framework supplies a comprehensive taxonomy for better understanding what an attacker will likely do next once they have penetrated a network.
  • The MITRE ATT&CK Enterprise Matrix provides a navigable taxonomy of all attack techniques that might involve Windows, Mac and Linux systems. Available as an online tool from the MITRE organization, the matrix covers 12 tactics, each relying on between 9 and 67 distinct techniques. In some cases, different tactics may employ the same techniques.

Benefits of MITRE ATT&CK

  • The framework enables you to think like an attacker, helping you balance your defensive measures against the steps an attacker will likely take.
  • It also helps you make better decisions about assessing risks, deploying new security controls and defending your network.
  • Important use cases, which reduce risk and allow more efficient allocation of cybersecurity budgets, include red team (penetration testing), threat intelligence, blue team (security analysts), vendor analysis, and breach and attack simulation.

MITRE ATT&CK: A core component of your cyberdefense

MITRE ATT&CK is a highly powerful open-source tool to understand and classify cyberattacker tactics, techniques and procedures. MITRE has enabled a common taxonomy to classify attackers and their behavior in a consistent and readily communicated way, making it easier to improve cyberdefenses. With it, cyberdefense teams can design a comprehensive strategy against likely threats, tactics and techniques that attackers may exhibit, assess risks and then prioritize and remediate gaps in their security controls.

How to get started with MITRE ATT&CK

Download our white paper on MITRE ATT&CK to learn more. It describes why the MITRE ATT&CK framework is an invaluable resource for cybersecurity teams and provides an overview of the features and benefits of this key security framework. Using the MITRE ATT&CK interactive database on attack methods based on real-world observations, your security practitioners can better understand cyberattacks and make faster, more informed decisions when they need to anticipate and repel them.

Find out more

BloxOne® Threat Defense

Quickly deploy on-premises, cloud or hybrid DNS-layer security everywhere

Cybersecurity Ecosystem

Automate SecOps response and efficiency with advanced integrations

Advanced DNS Protection

Protect enterprise DNS infrastructure to ensure maximum uptime

Threat Intelligence

Leverage DNS and multi-sourced threat intel to improve effectiveness of your total security stack