What is Mitre Att&ck?
Mitre Att&ck is a curated, evidence-based knowledge base of advanced persistent threat (APT) behaviors, drawn from techniques observed in real cyber-attacks at their various stages.
Att&ck, which originally stood for Adversarial Tactics, Techniques, and Common Knowledge, contains detailed descriptions of the tactics these groups use in practice (the technical objectives they want to achieve), their techniques (the methods used), and their procedures, known collectively as TTPs.
The Mitre Att&ck Evaluations help the cyber-security community improve safety products and provide end-users with objective knowledge and insight into the ability to detect recognized adversary behaviors, said Jon Baker, a Director of Research & Development, Center for Threat Informed Defense at MITRE.
The Mitre Att&ck Evaluation team chose to emulate APT29 because it offered an opportunity to evaluate cyber security products against an adversary that uses sophisticated tradecraft, including custom malware and several different execution methods such as PowerShell and WMI.
Who uses Mitre Att&ck and Why?
Mitre Att&ck is a free resource widely adopted by public and private sector organizations of every size and industry. Its users include defenders, penetration testers, network and cyber threat intelligence teams, and the internal teams responsible for building secure systems, applications, and services.
The wealth of information it contains on attacks (and attackers) helps organizations determine whether they are collecting the right data to detect attacks effectively, and lets them assess how well their current defenses actually work.
Unlike models written from a defender’s point of view, Att&ck deliberately takes the attacker’s view, helping organizations understand how adversaries approach a target, prepare, and carry out a successful intrusion.
This also makes Att&ck an excellent learning resource and teaching tool for people entering the fields of cyber security or advanced threat analysis, and for anyone who wants to understand attacker behavior in more depth.
What are the ATT&CK Matrices?
In the Att&ck framework, there are three matrices:
- Enterprise Att&ck — an adversary model that describes the steps an attacker can take inside an enterprise network. It focuses mostly on post-compromise behavior. This matrix helps prioritize network defenses by detailing how attackers employ tactics, techniques, and procedures (TTPs) once they are inside the network.
- PRE-Att&ck — this matrix concentrates on pre-attack activity, which generally takes place outside the organization’s field of view. It helps security teams understand how attackers identify and select their entry point, and allows them to monitor for and identify attacker activity beyond the enterprise network’s borders more efficiently.
- Mobile Att&ck — based on the NIST Mobile Threat Catalogue, it is a threat model of the techniques attackers use to compromise mobile devices. These include “network-based effects,” attack techniques that can be carried out without direct access to the device.
The Mitre Att&ck Matrix lays out all known tactics and techniques in a visual grid that is easy to read and navigate.
Mitre Att&ck Spreadsheet
The Mitre Att&ck Spreadsheet consists of 12 tactics and many hundreds of techniques employed by adversaries in real-world cyber security incidents, giving today’s security teams a highly effective kill-chain model to work from.
Mitre Att&ck Uses
- Plan your cyber security strategy with the help of Mitre Att&ck. Build defenses that counter the documented techniques, and tune your monitoring to identify indications of Att&ck techniques in your network as they are being executed.
- Att&ck is a must-have resource for incident handling teams. Your IR team can use Att&ck to assess the nature of the threats you are facing and to identify techniques for minimizing the risks you are exposed to.
- Your incident response team can use Mitre Att&ck as a baseline for new cyber security risks and plan accordingly.
- Mitre Att&ck can help you evaluate your overall cyber security program, and identify and close any gaps that are discovered.
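The last two sections describe a matrix of tactics and techniques and the idea of using it to find coverage gaps. The following script is an added example (not code from the original page or from MITRE) of how a security team typically does that in practice: it reads a small, hand-constructed subset of ATT&CK data shaped like the STIX 2 `attack-pattern` objects MITRE publishes, builds the tactic-to-technique matrix, and compares it against the technique IDs that a team's detection rules are mapped to. The technique IDs are real Enterprise ATT&CK identifiers; the list of "my detections" and the minimal Navigator-style layer field set are assumptions for illustration.

```python
"""Build a tactic -> technique matrix from ATT&CK-style data and report
detection coverage gaps. Added example; the data below is a small,
hand-constructed subset shaped like ATT&CK's STIX 2 "attack-pattern" objects,
not the full knowledge base."""
import json
from collections import defaultdict

# Constructed sample (assumption): a handful of real Enterprise technique IDs
# expressed in the STIX-like shape ATT&CK uses (external_references + kill_chain_phases).
SAMPLE_ATTACK_PATTERNS = [
    {"type": "attack-pattern", "name": "Phishing",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
    {"type": "attack-pattern", "name": "Valid Accounts",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "initial-access"},
         {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"},
         {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}]},
    {"type": "attack-pattern", "name": "PowerShell",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    {"type": "attack-pattern", "name": "Windows Management Instrumentation",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1047"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    {"type": "attack-pattern", "name": "OS Credential Dumping",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}]},
    {"type": "attack-pattern", "name": "Remote Services",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1021"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "lateral-movement"}]},
    # Constructed revoked entry with a placeholder ID: ATT&CK bundles keep revoked
    # objects, so a matrix builder must skip them or it overstates the grid.
    {"type": "attack-pattern", "name": "Placeholder Revoked Technique", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
]


def technique_id(obj):
    """Return the ATT&CK ID (T####[.###]) from the object's mitre-attack reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def build_matrix(objects):
    """Map each tactic (kill-chain phase) to the sorted technique IDs under it.
    A technique spanning several tactics (e.g. Valid Accounts) appears under each."""
    matrix = defaultdict(set)
    for obj in objects:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = technique_id(obj)
        if tid is None:
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                matrix[phase["phase_name"]].add(tid)
    return {tactic: sorted(tids) for tactic, tids in sorted(matrix.items())}


def coverage_gaps(matrix, detected_techniques):
    """Per tactic: how many techniques have at least one mapped detection, and which do not.
    Matching is exact, so a rule mapped to T1059.001 does not cover its parent T1059."""
    detected = set(detected_techniques)
    report = {}
    for tactic, tids in matrix.items():
        missing = [t for t in tids if t not in detected]
        report[tactic] = {"total": len(tids), "covered": len(tids) - len(missing), "missing": missing}
    return report


def navigator_layer(matrix, detected_techniques, name="detection coverage"):
    """Build a minimal Navigator-style layer dict (assumed minimal field set):
    score 1 for techniques with a detection, 0 for gaps, so gaps stand out in a heat map."""
    detected = set(detected_techniques)
    all_tids = sorted({t for tids in matrix.values() for t in tids})
    return {"name": name, "domain": "enterprise-attack",
            "techniques": [{"techniqueID": t, "score": 1 if t in detected else 0} for t in all_tids]}


if __name__ == "__main__":
    # Constructed (assumption): technique IDs that this team's SIEM rules are tagged with.
    my_detections = ["T1059.001", "T1566", "T1003"]
    matrix = build_matrix(SAMPLE_ATTACK_PATTERNS)
    for tactic, gaps in coverage_gaps(matrix, my_detections).items():
        print(f"{tactic:22s} {gaps['covered']}/{gaps['total']} covered, missing: {gaps['missing']}")
    print(json.dumps(navigator_layer(matrix, my_detections), indent=2))
```

Running it against the sample shows the point of the exercise: execution is only half covered (WMI, T1047, has no detection even though PowerShell does), lateral movement has none at all, and Valid Accounts is missing from four tactics at once because one technique can sit in several columns. The same functions work unchanged on the full `enterprise-attack.json` STIX bundle MITRE publishes, since they only depend on the object fields shown here.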
How does the Mitre Att&ck help an organization?
Mitre Att&ck is widely recognized as the de facto standard for understanding the behaviors and techniques that attackers use against organizations today. It removes ambiguity by giving people in the industry a common language for discussing and collaborating on countering these adversary methodologies, and it has practical uses for security teams. It is available in both English and Spanish.
Who was the inventor of Mitre ATT&CK?
MITRE developed the Att&ck framework in 2013 to document attacker tactics and techniques based on analysis of real-world attacks. The knowledge base continues to evolve in step with the threat landscape, and it has established itself as a respected body of knowledge for the industry, helping defenders better understand attacker models, methods, and mitigation strategies.