If you work in IT or cybersecurity, you have probably heard of the MITRE ATT&CK framework at least once, but do you actually know what it is? Keep reading to learn!
The ATT&CK framework was developed by the MITRE Corporation roughly seven years ago to offer crucial information, support and knowledge of threat tactics to those who work in cybersecurity. The ATT&CK framework is a living document that grows and gets updated every day. In this article, we will take a closer look at the ATT&CK framework and discuss how it can help your organization stay safe.
Who is MITRE?
Before discussing the ATT&CK Framework, we shall first take a closer look at its creator, MITRE Corp.
MITRE is a non-profit corporation based in Bedford, Massachusetts, in the United States. It supports numerous US government agencies and manages many federally funded research and development centers (also known as FFRDCs).
MITRE consists of 7 centres, each with its own purpose and sponsor:
- National Security Engineering Centre (sponsored by the US Department of Defence)
- Centre for Advanced Aviation System Development (sponsored by the US Federal Aviation Administration)
- Centre for Enterprise Modernization (sponsored by the US Internal Revenue Service and Department of Veterans Affairs)
- Homeland Security Systems Engineering and Development Institute (sponsored by the US Department of Homeland Security)
- Judiciary Engineering and Modernization Centre (sponsored by the Administrative Office of the United States Courts)
- CMS Alliance to Modernize Healthcare (sponsored by the Centres for Medicare and Medicaid Services)
- National Cybersecurity FFRDC (sponsored by the US National Institute of Standards and Technology)
MITRE Corp. was formed in 1958 with the aim of providing direction to the companies, workers and specialists working on the US Air Force SAGE project. After that project concluded in the early 1960s, MITRE was selected by the FAA to develop a system for automated air traffic control. This project gave birth to the NAS (National Airspace System). Following its conclusion, the scope of MITRE's work widened significantly.
What is MITRE ATT&CK Framework?
Simply put, MITRE's ATT&CK Framework is an exhaustive matrix of tactics and techniques often employed by red teamers, threat hunters and various other cybersecurity professionals.
The term ATT&CK is an acronym of Adversarial Tactics, Techniques and Common Knowledge. As its name suggests, ATT&CK aims to document and track the many different techniques that cybercriminals, hackers and attackers use to conduct a cyberattack.
The "Tactics and Techniques" in ATT&CK are a fresh and modern way of approaching cyberattacks. In the past, the result of the attack was the main criterion for classification and mitigation. Today, cybersecurity professionals focus on the tactics and techniques to classify attacks and come up with proper mitigation methods. Tactics offer a glimpse at the "why" of the attack, and techniques offer a glimpse at the "how". The "Common Knowledge," on the other hand, refers to the documentation of the procedures attackers use.
ATT&CK provides a very detailed set of matrices, arranged by platform, attack stage and more. You can take a closer look at ATT&CK and see how it works for yourself.