There are many tools, platforms, and strategies that seek to mitigate and minimize cyber threats, reducing some of the burden and giving organizations the power to protect themselves from hackers.
The threat of a security breach must not be ignored in any business setting, from the corridors of a multinational corporation to the offices of a startup.
The MITRE ATT&CK framework is one of the most widely used resources in cybersecurity: a free, publicly available knowledge base of adversary behavior maintained by the not-for-profit MITRE Corporation. For those unfamiliar with it, let’s go over what it is, what it does, and how it can be used by companies today.
While it might look like a typo, “ATT&CK” is, of course, a shortened version of a longer phrase. The Adversarial Tactics, Techniques, and Common Knowledge framework was started by MITRE’s researchers in 2013 (and made public in 2015) and catalogs how real attackers behave so that their potential victims can detect and defend against them more effectively.
At its core, it gives companies a structured body of knowledge on how attacks are carried out and what the attackers’ goals at each stage are likely to be. In the same way police detectives attempt to think like criminals to catch them, the ATT&CK framework documents observed adversary behavior so that defenders can anticipate and counter it in real-world scenarios.
Understanding Likely Attacker Strategies
While the framework is understandably deep once you delve into it, a few surface details will help you appreciate what it covers.
The overarching ATT&CK Matrix for Enterprise is the usual starting point. It is organized into 14 tactics, each representing a goal an adversary pursues (gaining initial access, escalating privileges, evading defenses, and so on), and each tactic is broken down into distinct techniques, the specific ways that goal is achieved. Read left to right, the tactics outline the course of an intrusion from start to finish, although a real attack need not use every tactic or proceed in strict order.
It begins with Reconnaissance, during which attackers research prospective targets, and Resource Development, during which they acquire the infrastructure and tooling they will need. It then moves through initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and collection, and ends with command and control, exfiltration of data, and impact (such as encrypting or destroying it).
While the tactics and techniques can sound intimidating, that is precisely the point. Only if businesses know the threats they face can they plan for them and protect themselves comprehensively.
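To make the tactic-and-technique structure concrete, here is an added example (not code from the original article or from MITRE) that builds a tiny ATT&CK-style matrix and checks which tactics a set of detection rules leaves uncovered, which is the most common practical use of the matrix. The 14 tactic names are the Enterprise ATT&CK tactics in matrix order and the technique IDs are real Enterprise IDs, but the subset of techniques and the detection rules are constructed for illustration.

```python
"""Minimal ATT&CK-style matrix plus a detection-coverage check.

Added example, not the article's or MITRE's code. Tactic names and the
technique IDs are real; the technique subset and detection rules are
constructed for illustration only.
"""

# Enterprise ATT&CK tactics in the order the matrix presents them.
TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]

# Constructed subset of techniques: id -> (name, tactics it belongs to).
# A technique can serve more than one tactic (e.g. T1053 Scheduled Task/Job).
TECHNIQUES = {
    "T1595": ("Active Scanning", ["reconnaissance"]),
    "T1566": ("Phishing", ["initial-access"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1053": ("Scheduled Task/Job",
              ["execution", "persistence", "privilege-escalation"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1041": ("Exfiltration Over C2 Channel", ["exfiltration"]),
    "T1486": ("Data Encrypted for Impact", ["impact"]),
}

# Constructed detection rules, each tagged with the technique(s) it covers,
# the way Sigma rules carry "attack.tXXXX" tags.
DETECTIONS = [
    {"name": "powershell_encoded_command", "techniques": ["T1059"]},
    {"name": "lsass_memory_access", "techniques": ["T1003"]},
    {"name": "new_scheduled_task", "techniques": ["T1053"]},
]


def build_matrix(techniques=TECHNIQUES):
    """Return {tactic: sorted technique ids}, one entry per tactic.

    Tactics with no technique in the subset get an empty list, and a
    technique that names an unknown tactic is rejected rather than dropped.
    """
    matrix = {tactic: [] for tactic in TACTICS}
    for tid, (_, tactics) in techniques.items():
        for tactic in tactics:
            if tactic not in matrix:
                raise ValueError(f"{tid}: unknown tactic {tactic!r}")
            matrix[tactic].append(tid)
    return {tactic: sorted(ids) for tactic, ids in matrix.items()}


def coverage(detections=DETECTIONS, techniques=TECHNIQUES):
    """Map each tactic to the technique ids some rule covers, and list the
    tactics that have techniques in the matrix but no detection at all."""
    covered = set()
    for rule in detections:
        for tid in rule["techniques"]:
            if tid not in techniques:
                raise ValueError(f"{rule['name']}: unknown technique {tid}")
            covered.add(tid)
    matrix = build_matrix(techniques)
    per_tactic = {tactic: sorted(set(ids) & covered)
                  for tactic, ids in matrix.items()}
    gaps = [tactic for tactic, ids in matrix.items()
            if ids and not per_tactic[tactic]]
    return per_tactic, gaps


if __name__ == "__main__":
    per_tactic, gaps = coverage()
    for tactic in TACTICS:
        print(f"{tactic:22} {', '.join(per_tactic[tactic]) or '-'}")
    print("tactics with techniques but no detections:", ", ".join(gaps))
```

With the constructed rules above, execution, persistence, privilege escalation and credential access show coverage, while reconnaissance, initial access, lateral movement, exfiltration and impact are flagged as gaps. The same shape of check, run against the full ATT&CK STIX data and a real rule set, is what tools such as ATT&CK Navigator visualize as a coverage layer.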
Considering the Platforms Covered
The knowledge base behind the ATT&CK framework covers a number of operating environments, devices, and ecosystems commonly encountered across the business world.
The Enterprise matrix includes the typical desktop and server operating systems, Windows, Linux, and macOS, as well as cloud platforms such as AWS and Microsoft Azure, along with SaaS and identity services, network devices, and containers.
In addition, there is a separate ATT&CK for Mobile matrix covering the two main mobile platforms of the age, namely iOS and Android.
Finally, what was once a separate PRE-ATT&CK matrix looked specifically at what adversaries do before they ever touch a target’s systems: researching victims and acquiring the domains, infrastructure, and tooling an attack will need. In October 2020 that material was folded into the Enterprise matrix as the Reconnaissance and Resource Development tactics, so these pre-compromise behaviors are now covered in the main matrix. Knowing what cybercriminals get up to before they actively target an organization is undeniably informative. (There is also a separate ATT&CK for ICS matrix for industrial control systems.)
Investigating the Alternatives
As mentioned, MITRE’s ATT&CK framework is not the only toolkit for companies to use if they are worried about the growing cyber threats of the digital era.
One well-known alternative is the Cyber Kill Chain from Lockheed Martin, published in 2011. It describes an intrusion as seven linear phases (reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives) and does not break those phases down into a catalog of specific techniques, so it offers far less detail than the ATT&CK framework. MITRE’s knowledge base is often preferred because each technique is tied to the threat groups and malware observed using it, to the data sources needed to detect it, and to mitigations, and because it is updated regularly as adversary behavior changes, including in the cloud environments most businesses now rely on. The two are not mutually exclusive: many teams use the Kill Chain as a high-level narrative of an attack and ATT&CK for the detail.
Now you have a taste of what this framework has to offer. It is up to you to see whether it is the right fit for threat mitigation at your business.