If you work in IT and/or cybersecurity, you have probably heard of the MITRE ATT&CK framework at least once, but do you actually know what it is? Keep reading to learn!
The ATT&CK framework was developed by the MITRE Corporation roughly seven years ago to offer crucial information, support and adversary tactics to those who work in cybersecurity. The ATT&CK framework is a living document that grows and is updated every day. In this article, we take a closer look at the ATT&CK framework and discuss how it can help your organization stay safe.
Before discussing the ATT&CK Framework, we should first take a closer look at its creator, MITRE Corp.
MITRE is a non-profit corporation based in Bedford, Massachusetts, in the United States. It supports numerous US government agencies and manages many federally funded research and development centers (FFRDCs).
MITRE consists of 7 centres that all have different purposes and sponsors:
MITRE Corp. was formed in 1958 with the aim of providing direction to the companies, workers and specialists working on the US Air Force SAGE project. After that project concluded in the early 1960s, MITRE was selected by the FAA to develop a system for automated air traffic control, which gave birth to the NAS (National Airspace System). Following the conclusion of this project, MITRE's scope widened significantly.
Simply put, MITRE's ATT&CK Framework is an exhaustive matrix of adversary tactics and techniques, widely used by red teamers, threat hunters and various other cybersecurity professionals.
The term ATT&CK is an acronym for Adversarial Tactics, Techniques, and Common Knowledge. As its name suggests, ATT&CK aims to document and track the many different techniques that cybercriminals, hackers and attackers use to conduct a cyberattack.
The “tactics and techniques” view in ATT&CK is a fresh, modern way of approaching cyberattacks. In the past, the result of an attack was the main criterion for classification and mitigation. Today, cybersecurity professionals focus on tactics and techniques to classify attacks and come up with proper mitigation methods: tactics offer a glimpse of the “why” of an attack, and techniques a glimpse of the “how.” The “common knowledge,” on the other hand, refers to the documentation of the procedures adversaries use.
ATT&CK provides a very detailed matrix, broken down into several matrices arranged by platform, attack stage, and more. You can take a closer look at ATT&CK and see how it works for yourself.
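To make the tactic/technique distinction concrete, here is a small added example (not code from the original article, MITRE, or Logsign) that models a slice of the ATT&CK Enterprise matrix and maps constructed SIEM process-creation events onto it. The tactic and technique IDs and names are real ATT&CK identifiers, but each technique is listed with only a subset of its tactics; the detection rules, the event lines and the function names are constructed for this example. It goes slightly beyond the text by also reporting, per platform, which techniques in the slice have no detection rule at all, which is how a defender uses the platform-arranged matrices to find coverage gaps.

```python
import re
from collections import defaultdict

# Slice of the ATT&CK Enterprise matrix: real tactic and technique IDs and
# names, but only a handful of entries and a subset of each technique's tactics.
TACTICS = {
    "TA0002": "Execution",
    "TA0003": "Persistence",
    "TA0005": "Defense Evasion",
}
TECHNIQUES = {
    # technique id: (name, tactic ids it serves ("why"), platforms it applies to)
    "T1059.001": ("PowerShell", ["TA0002"], {"Windows"}),
    "T1053.005": ("Scheduled Task", ["TA0002", "TA0003"], {"Windows"}),
    "T1547.001": ("Registry Run Keys / Startup Folder", ["TA0003"], {"Windows"}),
    "T1070.001": ("Clear Windows Event Logs", ["TA0005"], {"Windows"}),
    "T1053.003": ("Cron", ["TA0002", "TA0003"], {"Linux", "macOS"}),
}

# Constructed detection rules (hypothetical, not from any product): each maps a
# command-line pattern to the technique ("how") it evidences. T1547.001
# deliberately has no rule so that the coverage report shows a gap.
RULES = [
    ("T1059.001", re.compile(r"powershell(\.exe)?\b.*-encodedcommand\b", re.I)),
    ("T1053.005", re.compile(r"schtasks(\.exe)?\s+/create\b", re.I)),
    ("T1070.001", re.compile(r"wevtutil(\.exe)?\s+cl\b", re.I)),
]

# Constructed process-creation events, as a SIEM might normalise them.
EVENTS = [
    {"id": 1, "platform": "Windows",
     "command_line": "powershell.exe -NoProfile -EncodedCommand <redacted>"},
    {"id": 2, "platform": "Windows",
     "command_line": "schtasks.exe /create /tn Updater /tr C:\\Users\\Public\\u.exe /sc onlogon"},
    {"id": 3, "platform": "Windows",
     "command_line": "wevtutil.exe cl Security"},
    {"id": 4, "platform": "Windows",
     "command_line": "notepad.exe C:\\Users\\alice\\report.txt"},
]


def classify_events(events):
    """Map events to techniques: {technique_id: [event ids]}.

    A rule only fires if its technique applies to the event's platform, so a
    Windows-only technique is never attached to a Linux host by a loose regex.
    """
    hits = defaultdict(list)
    for ev in events:
        for tid, pattern in RULES:
            if ev["platform"] in TECHNIQUES[tid][2] and pattern.search(ev["command_line"]):
                hits[tid].append(ev["id"])
    return dict(hits)


def tactic_summary(hits):
    """Roll technique hits ("how") up to the tactics they serve ("why")."""
    by_tactic = defaultdict(set)
    for tid in hits:
        name, tactic_ids, _ = TECHNIQUES[tid]
        for ta in tactic_ids:
            by_tactic[TACTICS[ta]].add(f"{tid} {name}")
    return {tactic: sorted(techs) for tactic, techs in by_tactic.items()}


def coverage(platform):
    """(covered, applicable): techniques in the slice for `platform` that have a rule."""
    applicable = [tid for tid, (_, _, plats) in TECHNIQUES.items() if platform in plats]
    covered = [tid for tid in applicable if any(rule_tid == tid for rule_tid, _ in RULES)]
    return len(covered), len(applicable)


if __name__ == "__main__":
    hits = classify_events(EVENTS)
    for tactic, techs in tactic_summary(hits).items():
        print(f"{tactic}: {', '.join(techs)}")
    for platform in ("Windows", "Linux"):
        covered, total = coverage(platform)
        print(f"{platform}: {covered}/{total} techniques in this slice have a detection rule")
```

Run as a script, the summary shows that event 2 alone evidences two tactics (Execution and Persistence) through one technique, which is exactly why classifying by technique rather than by outcome is more useful for mitigation. The coverage lines show the platform-arranged view: 3 of 4 Windows techniques in the slice are detectable, while the Linux/macOS technique has no rule at all.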