Building MITRE ATT&CK Technique Detection into Your Security Monitoring Environment

The security industry has recently been abuzz with the MITRE ATT&CK framework, and for good reason. The MITRE ATT&CK framework is an open knowledge base of adversary tactics and techniques based on real-world observations.

The MITRE ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods. A taxonomy, in and of itself, has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. However, it also serves as a technical framework for classifying your current detection efforts and identifying gaps in which you are blind to certain types of attack behaviors.

The MITRE ATT&CK goes far beyond an academic framework for classifying attack techniques. It’s very specific and technical. Here are just a few examples of techniques it catalogs:

  • Rundll32
  • Password filter DLL
  • LSASS Driver

The MITRE ATT&CK provides the best of both worlds. It’s comprehensive and deeply technical, and still provides structure and organization to keep you from drowning in the details.

The MITRE ATT&CK provides organizations with three principal elements:

  • Tactics: Represent the “why” of an ATT&CK technique. A tactic is the adversary’s tactical objective and the reason for performing an action.
  • Techniques: Illustrate “how” an adversary achieves a tactical objective by performing an action. For example, an adversary may dump credentials to achieve credential access.
  • Procedures: Show the exact way a particular adversary or piece of software implements a technique.

In this on-demand webinar, Randy Franklin Smith of Ultimate Windows Security joins Brian Coulson of LogRhythm to introduce viewers to the MITRE ATT&CK.

In this webinar, you’ll learn about:

  • Various ways to use the MITRE ATT&CK, specifically to design, enhance, assess, and maintain your security monitoring efforts.
  • LogRhythm Labs’ project, including aligning the MITRE ATT&CK matrix to log sources.
  • An example of the MITRE ATT&CK process from start to finish, while focusing on rule development and alignment within the LogRhythm NextGen SIEM Platform.

Watch the on-demand webinar now to learn more about the MITRE ATT&CK framework.