MITRE ATT&CK Framework

A globally recognized knowledge base of the tactics, techniques, and procedures used by adversaries and defenders

What Is the MITRE ATT&CK Framework?


The MITRE ATT&CK® framework is a globally recognized knowledge base of the tactics and techniques used in cyberattacks. ATT&CK is an acronym for Adversarial Tactics, Techniques, & Common Knowledge. The framework is free to use and widely adopted by threat hunters, red teamers, and other technical security roles because it helps them map the lifecycle of an attack.

The Benefits of the MITRE ATT&CK Framework

As attacks became more complex, professionals needed a standard taxonomy and a shared language in order to communicate and defend. Categorizing the tactics, techniques, and procedures of adversaries provides several benefits, including:

Helping the security vendors develop new analytics to detect the latest techniques

Allowing red teamers to emulate different types of attacks

Enabling threat intelligence teams to analyze and compare patterns

Assessing an organization’s defensive capabilities, to name a few

How Is the Framework Organized?

The MITRE ATT&CK knowledge base is organized into a comprehensive matrix. There are three matrices, but the one most often used is Enterprise ATT&CK, which focuses on Windows, macOS, Linux, Cloud, and other common IT platforms. The Enterprise ATT&CK matrix consists of 14 tactics, each containing a set of techniques and sub-techniques, with more being added regularly.

1. Reconnaissance: Information gathering

2. Resource Development: Building the toolkit needed for the attack

3. Initial Access: Getting into the network

4. Execution: Installing malware

5. Persistence: Changes needed to maintain a foothold in the network

6. Privilege Escalation: Gaining higher-level permissions

7. Defense Evasion: Avoiding detection

8. Credential Access: Harvesting usernames and passwords

9. Discovery: Assessing different parts of the network

10. Lateral Movement: Exploring to find high-value target systems

11. Collection: Gathering relevant information for the actions on objectives

12. Command and Control: Establishing stealthy communication with compromised systems

13. Exfiltration: Stealing data

14. Impact: Disrupting normal operations

Use Cases for the MITRE ATT&CK Matrix

There are several ways security teams can use the matrix.

Penetration Testing: Model real-world attackers to assess defenses

Strengthen Threat Intelligence Programs: Create content and track trends to inform priorities for mitigating risk

Adversary Simulations: Improve the SOC by enabling analysts to assess attacks quickly and precisely and to prevent attackers from achieving their actions on objectives

Communication: Clearly articulate insights to stakeholders

The MITRE ATT&CK Matrix

The MITRE ATT&CK Matrix shows attack tactics on the top row. Each column represents the techniques for that tactic.

[Image: MITRE ATT&CK Matrix]
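The column structure described above (tactics as columns, techniques within each column, sub-techniques beneath their parent technique), as an added example that is not part of the original page: a short Python script that builds those columns from an ATT&CK-style STIX bundle and then scores detection coverage per tactic, the kind of capability assessment listed under the framework's benefits. The bundle is a constructed excerpt in the shape of MITRE's STIX export (a few real Enterprise technique IDs, but not MITRE's file), and the function names are assumptions made here.

```python
import json
from collections import defaultdict

def _ap(name, ext_id, phases, sub=False):
    """Build one attack-pattern object in the shape of MITRE's ATT&CK STIX export."""
    return {"type": "attack-pattern", "name": name, "x_mitre_is_subtechnique": sub,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": p} for p in phases]}

# Constructed excerpt (not MITRE's file): real technique IDs, one sub-technique per parent, one multi-tactic technique.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    _ap("Phishing", "T1566", ["initial-access"]),
    _ap("Spearphishing Attachment", "T1566.001", ["initial-access"], sub=True),
    _ap("Command and Scripting Interpreter", "T1059", ["execution"]),
    _ap("PowerShell", "T1059.001", ["execution"], sub=True),
    _ap("Process Discovery", "T1057", ["discovery"]),
    _ap("Valid Accounts", "T1078", ["defense-evasion", "persistence", "privilege-escalation", "initial-access"]),
]})

def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1059.001) from a STIX object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None

def build_matrix(bundle_json):
    """Map each tactic (matrix column) to {parent technique ID: [sub-technique IDs]}.
    A technique tagged with several tactics appears in every one of those columns."""
    matrix = defaultdict(dict)
    for obj in json.loads(bundle_json)["objects"]:
        tid = attack_id(obj) if obj.get("type") == "attack-pattern" else None
        if not tid or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # skip non-techniques and the revoked/deprecated entries real exports keep
        parent = tid.split(".")[0] if obj.get("x_mitre_is_subtechnique") else tid
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                subs = matrix[phase["phase_name"]].setdefault(parent, [])
                if tid != parent and tid not in subs:
                    subs.append(tid)
    return dict(matrix)

def coverage(matrix, detected_ids):
    """Per tactic: (techniques covered by a detection on the parent or any sub-technique, total techniques)."""
    report = {}
    for tactic, techs in matrix.items():
        hit = [p for p, subs in techs.items() if p in detected_ids or any(s in detected_ids for s in subs)]
        report[tactic] = (len(hit), len(techs))
    return report
```

With a real export from MITRE's CTI repository, `build_matrix` yields the full 14-column Enterprise layout and `coverage` shows which columns your detections leave empty.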

Fortra and the MITRE ATT&CK Framework

Fortra security solutions help organizations across the entire framework. Below is each of the controls along with the solutions that can help address it.
