What is MITRE ATT&CK Framework?
MITRE ATT&CK is perhaps the largest, most in-depth, best-organized, and most strongly supported knowledge base of adversarial behavior. Using this framework, an organization can review its security controls and gain visibility into gaps in its defenses, and security management can rapidly identify critical problems for remediation. This objective assessment provides a data-driven approach to prioritizing and scaling a cybersecurity program and its budget. MITRE has expanded the Kill Chain into a broad set of tactics, each of which is supported by detailed techniques. There are a total of 13 tactics and 192 techniques in the MITRE framework.
- Tactic (13): defined by what attackers are trying to achieve (e.g. Initial Access).
| ID | Name | Description |
|---|---|---|
| TA0043 | Reconnaissance | The adversary is trying to gather information they can use to plan future operations. |
| TA0042 | Resource Development | The adversary is trying to establish resources they can use to support operations. |
| TA0001 | Initial Access | The adversary is trying to get into your network. |
| TA0002 | Execution | The adversary is trying to run malicious code. |
| TA0003 | Persistence | The adversary is trying to maintain their foothold. |
| TA0004 | Privilege Escalation | The adversary is trying to gain higher-level permissions. |
| TA0005 | Defense Evasion | The adversary is trying to avoid being detected. |
| TA0006 | Credential Access | The adversary is trying to steal account names and passwords. |
| TA0007 | Discovery | The adversary is trying to figure out your environment. |
| TA0008 | Lateral Movement | The adversary is trying to move through your environment. |
| TA0009 | Collection | The adversary is trying to gather data of interest to their goal. |
| TA0011 | Command and Control | The adversary is trying to communicate with compromised systems to control them. |
| TA0010 | Exfiltration | The adversary is trying to steal data. |
| TA0040 | Impact | The adversary is trying to manipulate, interrupt, or destroy your systems and data. |
Source: https://attack.mitre.org/tactics/enterprise/
- Techniques (192) (https://attack.mitre.org/techniques/enterprise/): defined by how an attacker accomplishes the steps or goals that achieve a tactic (e.g. Phishing is a technique associated with the Initial Access tactic). Mapping observed activity to techniques helps answer key questions about how an attack was carried out.
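The gap-analysis idea described above (tactics as goals, techniques as the means, and a control inventory mapped to techniques) can be made concrete with a small script. This is an added example, not ProcessUnity's or MITRE's code. The tactic IDs and names are taken from the table on this page; the technique entries are a hand-picked subset of the public Enterprise ATT&CK catalog (IDs from the public catalog at attack.mitre.org, not from this page); the detection inventory and its rule names are constructed for the example. Because a technique such as Valid Accounts belongs to several tactics, a single detection can cover more than one tactic, and a tactic with no mapped technique shows up as a gap.

```python
"""Coverage-gap check over the ATT&CK tactic/technique taxonomy.

Added illustration; not ProcessUnity code and not MITRE's own tooling.
Tactic IDs and names come from the table on this page. The technique
entries are a hand-picked subset of the public Enterprise ATT&CK catalog
(IDs from the public catalog, not from this page); the detection inventory
is constructed for the example.
"""
from collections import defaultdict

# Tactic IDs and names as listed in the table above.
TACTICS = {
    "TA0043": "Reconnaissance",
    "TA0042": "Resource Development",
    "TA0001": "Initial Access",
    "TA0002": "Execution",
    "TA0003": "Persistence",
    "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion",
    "TA0006": "Credential Access",
    "TA0007": "Discovery",
    "TA0008": "Lateral Movement",
    "TA0009": "Collection",
    "TA0011": "Command and Control",
    "TA0010": "Exfiltration",
    "TA0040": "Impact",
}

# Subset of Enterprise techniques. A technique may belong to several tactics
# (e.g. Valid Accounts), so each value carries a tuple of tactic IDs.
TECHNIQUES = {
    "T1566": ("Phishing", ("TA0001",)),
    "T1059": ("Command and Scripting Interpreter", ("TA0002",)),
    "T1078": ("Valid Accounts", ("TA0001", "TA0003", "TA0004", "TA0005")),
    "T1021": ("Remote Services", ("TA0008",)),
    "T1071": ("Application Layer Protocol", ("TA0011",)),
    "T1041": ("Exfiltration Over C2 Channel", ("TA0010",)),
    "T1486": ("Data Encrypted for Impact", ("TA0040",)),
}

# Constructed detection inventory: rule name -> technique IDs it is mapped to.
DETECTIONS = {
    "mail-gateway-url-sandbox": ["T1566"],
    "edr-powershell-encoded-command": ["T1059"],
    "idp-impossible-travel": ["T1078"],
    "netflow-beaconing-score": ["T1071"],
}


def technique_coverage(detections, techniques=TECHNIQUES):
    """Map each technique ID to the set of detections that reference it.
    References to IDs absent from the catalog are ignored (typo guard)."""
    covered = defaultdict(set)
    for rule, tids in detections.items():
        for tid in tids:
            if tid in techniques:
                covered[tid].add(rule)
    return dict(covered)


def tactic_coverage(detections, techniques=TECHNIQUES, tactics=TACTICS):
    """Roll technique coverage up to tactics: tactic ID -> covered technique IDs.
    Every tactic is present in the result, so gaps appear as empty sets."""
    by_tactic = {tid: set() for tid in tactics}
    for tech_id in technique_coverage(detections, techniques):
        for tactic_id in techniques[tech_id][1]:
            by_tactic[tactic_id].add(tech_id)
    return by_tactic


def uncovered_tactics(detections, techniques=TECHNIQUES, tactics=TACTICS):
    """Tactics with no detection mapped to any of their techniques, sorted by ID."""
    cov = tactic_coverage(detections, techniques, tactics)
    return sorted(t for t, techs in cov.items() if not techs)


def uncovered_techniques(detections, techniques=TECHNIQUES):
    """Catalog techniques that no detection references, sorted by ID."""
    cov = technique_coverage(detections, techniques)
    return sorted(t for t in techniques if t not in cov)


if __name__ == "__main__":
    for tactic_id, techs in tactic_coverage(DETECTIONS).items():
        mark = "covered" if techs else "GAP"
        print(f"{tactic_id} {TACTICS[tactic_id]:<22} {mark:8} {sorted(techs)}")
    print("Uncovered tactics:", [TACTICS[t] for t in uncovered_tactics(DETECTIONS)])
    print("Uncovered techniques:", uncovered_techniques(DETECTIONS))
```

With the constructed inventory, the one Valid Accounts detection lifts four tactics (Initial Access, Persistence, Privilege Escalation, Defense Evasion) to "covered", while Lateral Movement, Exfiltration and Impact remain gaps even though their techniques are in the catalog. In a real assessment the `TECHNIQUES` table would be populated from the full catalog rather than a subset, and a tactic counted as covered by a single technique should still be read as thin coverage rather than as a solved problem.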
Why is the MITRE ATT&CK Framework Important?
MITRE ATT&CK provides a well-matured taxonomy of the tactics and techniques that any prospective attacker may leverage. For the first time, this gives stakeholders, cyber defenders, and vendors a common lexicon for communicating clearly about the exact nature of a threat and for objectively assessing the cyber defense plan intended to defeat it.
Benefits of using the ProcessUnity Attack Scenario Analytics based on MITRE framework for Risk Management include:
- MITRE ATT&CK framework is a standard. It is the most comprehensive, granular and widely adopted framework in the Cybersecurity industry for attack/kill-chain modeling.
- By leveraging MITRE techniques to create kill chains/use cases, The Exchange can help uncover gaps that might have gone unreported otherwise.
- Utilizing MITRE as the underlying framework for our use cases allows our customers to more easily integrate The Exchange results with their internal risk and threat management programs.
- MITRE-based analytics provide increased credibility and defensibility to the ProcessUnity risk findings to support third-party decisions and relationships.
- Additional exposure of threats and risk concerns enables improved third-party detection, monitoring and response to attacks.
MITRE ATT&CK Framework mapping with ProcessUnity Security Controls and Risk Findings:
© 2021 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation