MITRE ATT&CK
Think like an attacker to defend your enterprise
What is
MITRE ATT&CK?
The MITRE Corporation, a nonprofit organization founded in 1958, does work for U.S. government agencies in a wide variety of areas. MITRE ATT&CK (Adversarial Tactics, Techniques, And Common Knowledge) was developed and released by MITRE Corp. in 2015. The MITRE ATT&CK framework is a comprehensive knowledge base of cyberattacker tactics and techniques gathered from actual observations of attacker behavior. Using the data contained in the MITRE ATT&CK knowledge base, anyone on your cyberdefense team can review and contrast attacker activity and then understand the best options for defense. The framework is free and open to everyone.
MITRE ATT&CK provides an objective environment in which to assess cybersecurity risk and identify potential security gaps. Once these gaps are understood, your organization can make objective decisions about addressing these risks. It then can identify priorities and make the best business decisions for deploying security controls and other resources.
“Attackers often stick with the same tactics, techniques and procedures that bring them success. As a result, their activities leave digital fingerprints behind as to who they are. As they move from technique to technique, they provide clues and hints about their identity, the likely next steps they will take and the best ways to stop them before they can exfiltrate data and impact your operations. The structured knowledge in MITRE ATT&CK helps defenders think like an attacker. This helps the defenders to detect and stop cyberattacks before they can cause damage or exfiltrate confidential data.”
Anthony James, VP of Product Marketing, Infoblox
Basic components of
MITRE ATT&CK
- The MITRE ATT&CK framework supplies a comprehensive taxonomy for better understanding what an attacker will likely do next once they have penetrated a network.
- The MITRE ATT&CK Enterprise Matrix provides a navigable taxonomy to all attack techniques that might involve Windows, Mac and Linux systems. Available as an online tool from the MITRE organization, the matrix covers 12 tactics, each relying on between 9 and 67 distinct techniques. In some cases, different tactics may employ the same techniques.
Benefits of
MITRE ATT&CK
MITRE ATT&CK: A core component of your cyberdefense
MITRE ATT&CK is a highly powerful open-source tool to understand and classify cyberattacker tactics, techniques and procedures. MITRE has enabled a common taxonomy to classify attackers and their behavior in a consistent and readily communicated way, making it easier to improve cyberdefenses. With it, cyberdefense teams can design a comprehensive strategy against likely threats, tactics and techniques that attackers may exhibit, assess risks and then prioritize and remediate gaps in their security controls.
How to get started with MITRE ATT&CK
Download our white paper on MITRE ATT&CK to learn more. It describes why the MITRE ATT&CK framework is an invaluable resource for cybersecurity teams and provides an overview of the features and benefits of this key security framework. Using the MITRE ATT&CK interactive database on attack methods based on real-world observations, your security practitioners can better understand cyberattacks and make faster, more informed decisions when they need to anticipate and repel them.
Find out more
Infoblox
Threat Defense™
Quickly deploy on-premises, cloud or hybrid DNS-layer security everywhere
Infoblox Threat Defense™
Quickly deploy on-premises, cloud or hybrid DNS-layer security everywhere
Cybersecurity
Ecosystem
Automate SecOps response and efficiency with advanced integrations
Cybersecurity Ecosystem
Automate SecOps response and efficiency with advanced integrations
Advanced
DNS Protection
Protect enterprise DNS infrastructure to ensure maximum uptime
Advanced DNS Protection
Protect enterprise DNS infrastructure to ensure maximum uptime
Threat Intelligence
Leverage DNS and multi-sourced threat intel to improve effectiveness of your total security stack
Threat Intelligence
Leverage DNS and multi-sourced threat intel to improve effectiveness of your total security stack