MITRE ATT&CK Framework | What is MITRE ATT&CK?
MITRE ATT&CK™ is a globally accessible knowledge base of cybersecurity adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. – MITRE Corp.
The MITRE ATT&CK framework is constantly evolving as new threats emerge, and its primary goal is to help IT security teams prioritize and focus their protection efforts.
What is MITRE ATT&CK?
MITRE created ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) as a solution to help teams achieve more effective cybersecurity. The framework enables the sharing of adversarial behaviors across the attack lifecycle and provides a common taxonomy for threat analysis and research.
The MITRE ATT&CK framework can help cybersecurity teams assess the effectiveness of their security operations center (SOC) processes and defensive measures to identify areas for improvement.
With this knowledge base, teams take on an adversary’s perspective to better understand the motivation behind an adversary’s actions and the relationship between them for holistic threat detection and response. This approach provides context to the individual parts of an attack to help teams predict an adversary’s behavior and next move, and quickly and effectively respond to an attack.
MITRE ATT&CK for Threat Hunting and Detection
Learn more about using MITRE ATT&CK techniques to identify critical gaps in visibility, enhance your threat detection, and test the accuracy of your detection rules.
ATT&CK Tactics, Techniques, and Procedures
MITRE first developed the ATT&CK framework as a standard way to document common adversarial tactics, techniques, and procedures (TTPs). The relationship between tactics and techniques can be seen in the ATT&CK Matrix™.
ATT&CK Tactics: Tactics are the “why” of an adversary’s technique and represent their objective.
ATT&CK Techniques: Techniques are “how” an adversary achieves an objective — the action they take to get what they are seeking.
ATT&CK Procedures: Procedures are the specific steps an adversary takes to execute a technique.
Figure 1: Hierarchal model of ATT&CK tactics, techniques, and procedures.
Harden Your Security Operations to ATT&CK with LogRhythm
Detecting adversaries requires pervasive visibility across your security data and a proactive approach to efficiently identify suspicious behavior. Teams can use the LogRhythm NextGen SIEM for high fidelity visibility into the tactics, techniques, and procedures of the most skilled adversaries’ for accurate threat detection.
Security programs must continue to update their methodologies as fast as adversaries iterate to detect new threats and prevent damaging breaches. The LogRhythm NextGen SIEM provides a diagnostic tool that teams can use to assess their security program coverage and gaps, so they can prepare for future threats that leverage similar exploits.
Use MITRE ATT&CK’s threat model with LogRhythm network and user analytics, compliance modules, and threat feeds to generate higher-value alarms that more accurately detect adversaries.
The LogRhythm MITRE ATT&CK Module
The LogRhythm MITRE ATT&CK Module, provides prebuilt content mapped to ATT&CK for the LogRhythm NextGen SIEM Platform, including analytics, dashboard views, and threat hunting tools. This content enables security teams, and in particular, Red Teams to detect adversaries and improve their security program as prescribed by the MITRE ATT&CK framework.