Today, we’re going to talk about cybersecurity with a really cool tool that could help protect your networks against advanced threats: ATT&CK.
Created by MITRE in 2013, ATT&CK documents the tactics, techniques, and procedures (TTPs) commonly used by advanced persistent threats against enterprise Windows networks. But it’s not just a list of tools and malware used by attackers: ATT&CK focuses mainly on how these actors interact with systems during an operation.
The site organizes these TTPs in a matrix to provide context for each technique used by cyber attackers. For example, the “Persistence” tactic represents the attacker’s goal of maintaining a presence in the target environment. Several techniques are then associated with this tactic, each being a way of achieving that goal, and which one an attacker chooses depends on the targeted system.
This matrix is probably the most well-known aspect of this knowledge base because it is often used to show the defense surface of an environment, the detection capabilities of security products, and the results of an incident or attack simulation.
But ATT&CK goes even further by integrating threat intelligence to enable a better understanding of the behaviors of attacker groups. Analysts can thus focus on the techniques most commonly used by specific groups, such as the infamous APT29 group, and understand how these groups use them.
So, what does this mean for you concretely?
Well, if you work in cybersecurity, you can use ATT&CK to improve your defense against advanced threats by identifying the TTPs commonly used by attackers and ensuring that your defenses cover these attack vectors. You can also use ATT&CK to test your defenses by simulating attacks that use specific TTPs and measuring your ability to detect them.
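Here is what that mapping looks like in practice, as an added example that is not part of the original post and not MITRE’s own tooling. It takes a list of techniques reported for a threat group, tagged with the tactic column(s) each technique occupies in the matrix, and an inventory of the detections you have, and reports which of the group’s techniques and which tactics nobody is watching. The technique IDs and names are in ATT&CK’s format, but the attribution to “a group” and the detection rule names are constructed for the example, not a real group profile or a real rule set.

```python
"""Detection coverage gap check against an ATT&CK-style technique list.

Added example, not from the original post or from MITRE. The group profile
and the detection inventory below are constructed sample data.
"""
from collections import defaultdict

# Constructed sample: techniques reported for a threat group, each with the
# tactic column(s) it sits under in the matrix. IDs use the ATT&CK T#### format;
# the attribution to "a group" is constructed for the example.
GROUP_TECHNIQUES = {
    "T1566.001": ("Spearphishing Attachment", ["Initial Access"]),
    "T1059.001": ("PowerShell", ["Execution"]),
    "T1053.005": ("Scheduled Task", ["Execution", "Persistence", "Privilege Escalation"]),
    "T1547.001": ("Registry Run Keys / Startup Folder", ["Persistence", "Privilege Escalation"]),
    "T1078": ("Valid Accounts", ["Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion"]),
    "T1003.001": ("LSASS Memory", ["Credential Access"]),
    "T1021.001": ("Remote Desktop Protocol", ["Lateral Movement"]),
    "T1071.001": ("Web Protocols", ["Command and Control"]),
}

# Constructed inventory of the detections we have, each tagged with the
# technique IDs it is meant to catch. Rule names are hypothetical.
DETECTIONS = [
    {"name": "mail-gw-macro-attachment", "techniques": ["T1566.001"]},
    {"name": "edr-powershell-encoded-cmd", "techniques": ["T1059.001"]},
    {"name": "sysmon-schtasks-create", "techniques": ["T1053.005"]},
    {"name": "sysmon-run-key-write", "techniques": ["T1547.001"]},
    {"name": "siem-lsass-handle-open", "techniques": ["T1003.001"]},
]


def covered_techniques(detections):
    """Set of technique IDs that at least one detection claims to cover."""
    return {tid for rule in detections for tid in rule["techniques"]}


def coverage_gaps(group_techniques, detections):
    """The group's technique IDs that no detection covers, sorted."""
    covered = covered_techniques(detections)
    return sorted(tid for tid in group_techniques if tid not in covered)


def tactic_coverage(group_techniques, detections):
    """Per tactic: (covered, total) over this group's techniques.

    A technique listed under several tactics is counted under each one,
    mirroring how the matrix places it in more than one column.
    """
    covered = covered_techniques(detections)
    counts = defaultdict(lambda: [0, 0])
    for tid, (_, tactics) in group_techniques.items():
        for tactic in tactics:
            counts[tactic][1] += 1
            if tid in covered:
                counts[tactic][0] += 1
    return {tactic: tuple(pair) for tactic, pair in counts.items()}


def uncovered_tactics(group_techniques, detections):
    """Tactics where none of the group's techniques has a detection."""
    per_tactic = tactic_coverage(group_techniques, detections)
    return sorted(tactic for tactic, (hit, _) in per_tactic.items() if hit == 0)


if __name__ == "__main__":
    for tid in coverage_gaps(GROUP_TECHNIQUES, DETECTIONS):
        name, tactics = GROUP_TECHNIQUES[tid]
        print(f"GAP  {tid:10s} {name} ({', '.join(tactics)})")
    for tactic, (hit, total) in sorted(tactic_coverage(GROUP_TECHNIQUES, DETECTIONS).items()):
        print(f"{tactic:22s} {hit}/{total}")
```

A "covered" technique here only means a rule claims to map to it; whether the rule actually fires is what the attack simulation mentioned below is for, so the natural next step is to replace the static `DETECTIONS` list with the results of such a test.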
It’s a super useful tool to help protect systems against advanced threats. It’s free and accessible to everyone!