What is the MITRE ATT&CK Framework?
MITRE ATT&CK is a large, well-organized and actively maintained knowledge base of adversary tactics and techniques built from real-world observations. Using this framework, an organization can review its security controls and gain visibility into gaps in its defenses, and security management can quickly identify critical problems for remediation. This objective assessment provides a data-driven approach to prioritizing and scaling a cybersecurity program and budget. ATT&CK covers a wider range of adversary objectives than the classic kill chain: each tactic (what the adversary is trying to achieve) is supported by detailed techniques (how the adversary achieves it), many of which are further broken down into sub-techniques. The Enterprise matrix has 14 tactics, listed in the table below. The number of techniques changes with each ATT&CK release (the figure of 192 quoted on this page reflects the version current when it was written), so check the version in use before quoting a count.
- Tactic (14): defined by what the adversary is trying to achieve. Example: Initial Access.
ID | Name | Description |
---|---|---|
TA0043 | Reconnaissance | The adversary is trying to gather information they can use to plan future operations. |
TA0042 | Resource Development | The adversary is trying to establish resources they can use to support operations. |
TA0001 | Initial Access | The adversary is trying to get into your network. |
TA0002 | Execution | The adversary is trying to run malicious code. |
TA0003 | Persistence | The adversary is trying to maintain their foothold. |
TA0004 | Privilege Escalation | The adversary is trying to gain higher-level permissions. |
TA0005 | Defense Evasion | The adversary is trying to avoid being detected. |
TA0006 | Credential Access | The adversary is trying to steal account names and passwords. |
TA0007 | Discovery | The adversary is trying to figure out your environment. |
TA0008 | Lateral Movement | The adversary is trying to move through your environment. |
TA0009 | Collection | The adversary is trying to gather data of interest to their goal. |
TA0011 | Command and Control | The adversary is trying to communicate with compromised systems to control them. |
TA0010 | Exfiltration | The adversary is trying to steal data. |
TA0040 | Impact | The adversary is trying to manipulate, interrupt, or destroy your systems and data. |
Source: https://attack.mitre.org/tactics/enterprise/
- Techniques (192 in the ATT&CK version current when this page was written; see https://attack.mitre.org/techniques/enterprise/): defined by how an adversary accomplishes a tactic. Example: Phishing (T1566) is a technique under the Initial Access tactic, and Spearphishing Attachment (T1566.001) is one of its sub-techniques. A single technique can serve more than one tactic (Valid Accounts, T1078, appears under Initial Access, Persistence, Privilege Escalation and Defense Evasion), so the technique-to-tactic mapping is many-to-many. Mapping observed activity and existing controls to technique IDs is what lets you answer concrete questions about an attack and about where detection is missing.
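The gap analysis described above (map what you already detect or prevent onto technique IDs, then look at coverage per tactic) is easier to see in code. The following Python is an added example written for this page, not code from MITRE or from the GRX platform. The technique records are a hand-built subset shaped like the `attack-pattern` objects in MITRE's published STIX 2.1 data (https://github.com/mitre-attack/attack-stix-data), and the control inventory is invented for illustration; the technique and tactic IDs themselves are real.

```python
"""Map existing controls onto ATT&CK tactics and surface the gaps.

Constructed example: SAMPLE_BUNDLE is a hand-made subset shaped like the
`attack-pattern` objects in MITRE's STIX 2.1 bundles; CONTROLS is an
illustrative control inventory. Neither is the full matrix or a real assessment.
"""
import re
from collections import defaultdict

# STIX kill_chain phase_name -> tactic ID, in the order used on
# https://attack.mitre.org/tactics/enterprise/
TACTICS = {
    "reconnaissance": "TA0043", "resource-development": "TA0042",
    "initial-access": "TA0001", "execution": "TA0002",
    "persistence": "TA0003", "privilege-escalation": "TA0004",
    "defense-evasion": "TA0005", "credential-access": "TA0006",
    "discovery": "TA0007", "lateral-movement": "TA0008",
    "collection": "TA0009", "command-and-control": "TA0011",
    "exfiltration": "TA0010", "impact": "TA0040",
}

TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # T1566 or T1566.001


def attack_pattern(ext_id, name, phases, sub=False):
    """Build a minimal STIX-like attack-pattern dict (constructed sample data)."""
    return {
        "type": "attack-pattern",
        "name": name,
        "x_mitre_is_subtechnique": sub,
        "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}],
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": p}
                              for p in phases],
    }


# Real technique IDs and names, but only a handful of the matrix (constructed subset).
SAMPLE_BUNDLE = [
    attack_pattern("T1566", "Phishing", ["initial-access"]),
    attack_pattern("T1566.001", "Spearphishing Attachment", ["initial-access"], sub=True),
    attack_pattern("T1078", "Valid Accounts",
                   ["defense-evasion", "persistence", "privilege-escalation", "initial-access"]),
    attack_pattern("T1059", "Command and Scripting Interpreter", ["execution"]),
    attack_pattern("T1003", "OS Credential Dumping", ["credential-access"]),
    attack_pattern("T1021", "Remote Services", ["lateral-movement"]),
    attack_pattern("T1071", "Application Layer Protocol", ["command-and-control"]),
    attack_pattern("T1041", "Exfiltration Over C2 Channel", ["exfiltration"]),
    attack_pattern("T1486", "Data Encrypted for Impact", ["impact"]),
]

# Constructed control inventory: control name -> technique IDs it detects or prevents.
CONTROLS = {
    "Email gateway with attachment sandboxing": ["T1566.001"],
    "MFA on all remote access": ["T1078"],
    "EDR with script-block logging": ["T1059"],
    "LSASS access monitoring": ["T1003"],
}


def load_techniques(bundle):
    """Return {technique_id: {"name", "tactics", "sub"}} from attack-pattern objects."""
    techniques = {}
    for obj in bundle:
        if obj.get("type") != "attack-pattern":
            continue
        ext_id = next(r["external_id"] for r in obj["external_references"]
                      if r["source_name"] == "mitre-attack")
        tactics = [TACTICS[p["phase_name"]] for p in obj["kill_chain_phases"]
                   if p["kill_chain_name"] == "mitre-attack"]
        techniques[ext_id] = {"name": obj["name"], "tactics": tactics,
                              "sub": obj.get("x_mitre_is_subtechnique", False)}
    return techniques


def coverage_by_tactic(techniques, controls):
    """Bucket each technique under every tactic it serves as covered / partial / gap.

    'partial' means only a sub-technique of the parent is covered (a control for
    T1566.001 does not cover all of T1566). Malformed IDs in the control inventory
    raise ValueError so a typo is not silently counted as a gap.
    """
    covered = {tid for ids in controls.values() for tid in ids}
    bad = sorted(t for t in covered if not TECHNIQUE_ID.match(t))
    if bad:
        raise ValueError(f"malformed technique IDs in controls: {bad}")
    partial_parents = {t.split(".")[0] for t in covered if "." in t} - covered

    report = defaultdict(lambda: {"covered": [], "partial": [], "gaps": []})
    for tid, rec in techniques.items():
        if rec["sub"]:
            continue  # report at technique granularity; sub-techniques roll up to the parent
        bucket = ("covered" if tid in covered
                  else "partial" if tid in partial_parents else "gaps")
        for tactic in rec["tactics"]:  # multi-tactic techniques (T1078) appear under each
            report[tactic][bucket].append(tid)
    # Keep the matrix's tactic order; tactics with no techniques in the bundle are omitted.
    return {t: report[t] for t in TACTICS.values() if t in report}


def uncovered_tactics(report):
    """Tactics where nothing is covered, even partially: the loudest gaps."""
    return [t for t, r in report.items() if not r["covered"] and not r["partial"]]


if __name__ == "__main__":
    report = coverage_by_tactic(load_techniques(SAMPLE_BUNDLE), CONTROLS)
    for tactic, r in report.items():
        print(f"{tactic}: covered={r['covered']} partial={r['partial']} gaps={r['gaps']}")
    print("tactics with no coverage at all:", uncovered_tactics(report))
```

Run it as a script to get one line per tactic. Two things the tactic table above cannot show fall out of the code: Valid Accounts (T1078) is counted under every tactic it serves, and a control that only addresses a sub-technique leaves its parent technique marked partial rather than covered, which is usually the honest answer. To use the real matrix, replace SAMPLE_BUNDLE with the `attack-pattern` objects from the enterprise-attack STIX bundle and keep the rest; the tactic and ID conventions are the same.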
Why is the MITRE ATT&CK Framework Important?
MITRE ATT&CK provides a mature taxonomy of the tactics and techniques an attacker may use. This gives stakeholders, cyber defenders and vendors a common lexicon for communicating precisely about the nature of a threat and for objectively assessing whether a cyber defense plan addresses it.
Benefits of using GRX Attack Scenario Analytics, which is based on the MITRE framework, for risk management include:
- MITRE ATT&CK is a de facto standard: the most comprehensive, granular and widely adopted framework in the cybersecurity industry for attack and kill-chain modeling.
- By using MITRE techniques to build kill chains and use cases, the GRX can uncover gaps that might otherwise have gone unreported.
- Using MITRE as the underlying framework for our use cases lets customers integrate GRX results more easily with their internal risk and threat management programs.
- MITRE-based analytics add credibility and defensibility to GRX risk findings when those findings are used to support third-party decisions and relationships.
- Greater exposure of threats and risk concerns enables improved detection, monitoring and response to attacks involving third parties.
MITRE ATT&CK Framework mapping with the GRX Security Controls and Risk Findings:
MITRE Visibility within the GRX platform
The GRX's Attack Scenario Analytics uses the MITRE ATT&CK framework to build kill chains and use cases that help uncover gaps that might otherwise have gone unreported. Because ATT&CK is a globally accessible knowledge base grounded in real-world observations and is widely used for threat hunting and detection engineering, findings expressed in its terms are understood across organizations and comparable across assessments.
The chart below highlights tactic-level weaknesses and lets you inspect assessment results in the context of attack post-mortems.
Chart: TP Effectiveness across MITRE Tactics: Identify high level technique & tactic vulnerabilities (TP here is the assessed third party)
Attack Scenario Analytics and Predictive Data
Attack Scenario Analytics can now use predictive data to evaluate levels of risk across the 13 MITRE-based security categories tracked by the platform, a capability called the "Predictive Expansion." Using data from the world's largest third-party cyber risk Exchange together with outside-in data, the predictive model (stated accuracy up to 91%) offers a Predicted Value of risk for each category posed to your organization. Each value comes with a predicted minimum and maximum range, shown as the shaded region on the chart, so you can pinpoint outliers that require further assessment to confirm they meet your security standards.
© 2021 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation