The security industry has recently been abuzz with the MITRE ATT&CK framework, and for good reason. The MITRE ATT&CK framework is an open knowledge base of adversary tactics and techniques based on real-world observations.
The MITRE ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods. A taxonomy, in and of itself, has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. However, it also serves as a technical framework for classifying your current detection efforts and identifying the gaps where you are blind to certain types of attacker behavior.
The MITRE ATT&CK goes far beyond an academic framework for classifying attack techniques. It’s very specific and technical. Here are just a few examples:
- Password filter DLL
- LSASS Driver
The MITRE ATT&CK provides the best of both worlds. It’s comprehensive and deeply technical, and still provides structure and organization to keep you from drowning in the details.
The MITRE ATT&CK provides organizations with three principal elements:
- Tactics: Represent the “why” of an ATT&CK technique. A tactic is the adversary’s tactical objective and the reason for performing an action.
- Techniques: Illustrate “how” an adversary achieves a tactical objective by performing an action. For example, an adversary may dump credentials to achieve credential access.
- Procedures: Show the exact way a particular adversary or piece of software implements a technique.
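As an added illustration of how this tactic/technique/procedure hierarchy supports the gap analysis described above (example code written for this page, not material from the webinar, LogRhythm, or MITRE): technique names come from the text, while the tactic assignments, the rule logic, and the Sysmon-style sample events are assumptions constructed for the example.

```python
from collections import defaultdict

# Technique -> tactic mapping (tactic assignments are assumptions for this example).
TECHNIQUES = {
    "Password Filter DLL": "Credential Access",
    "LSASS Driver": "Persistence",
    "OS Credential Dumping": "Credential Access",
    "Scheduled Task": "Persistence",
}

# Detection rules: each is a procedure-level check bound to one technique.
# A technique with no rule is a monitoring gap; a tactic with no covered technique is a blind spot.
RULES = {
    # Password filters are registered under the LSA "Notification Packages" value;
    # Sysmon reports a value write as RegistryEvent EventID 13.
    "Password Filter DLL": lambda e: e["EventID"] == 13
        and e["TargetObject"].lower().endswith(r"\control\lsa\notification packages"),
    # A module not signed by Microsoft loaded into lsass.exe (Sysmon ImageLoaded, EventID 7).
    "LSASS Driver": lambda e: e["EventID"] == 7
        and e["Image"].lower().endswith(r"\lsass.exe")
        and e.get("Signature", "") != "Microsoft Windows",
}

def coverage_report():
    """Per tactic: techniques with a rule (covered) and techniques without one (gaps)."""
    report = defaultdict(lambda: {"covered": [], "gaps": []})
    for tech, tactic in sorted(TECHNIQUES.items()):
        report[tactic]["covered" if tech in RULES else "gaps"].append(tech)
    return dict(report)

def classify(events):
    """Tag each event with (tactic, technique, EventID) for every rule it matches."""
    hits = []
    for e in events:
        for tech, rule in RULES.items():
            if rule(e):
                hits.append((TECHNIQUES[tech], tech, e["EventID"]))
    return hits

SAMPLE_EVENTS = [  # constructed Sysmon-style events, not real telemetry
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Users\Public\helper.dll", "Signature": ""},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\msv1_0.dll", "Signature": "Microsoft Windows"},
]

if __name__ == "__main__":
    print(coverage_report())
    print(classify(SAMPLE_EVENTS))
```

Running it shows both a coverage view (which techniques under each tactic have no rule at all) and the per-event tagging that lets an alert carry its tactic and technique labels.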
In this on-demand webinar, Randy Franklin Smith of Ultimate Windows Security joins Brian Coulson of LogRhythm to introduce viewers to the MITRE ATT&CK.
In this webinar, you’ll learn about:
- Various ways to use the MITRE ATT&CK, specifically to design, enhance, assess, and maintain your security monitoring efforts.
- LogRhythm Labs’ project, including aligning the MITRE ATT&CK matrix to log sources.
- An example of the MITRE ATT&CK process from start to finish, while focusing on rule development and alignment within the LogRhythm NextGen SIEM Platform.
Watch the on-demand webinar now to learn more about the MITRE ATT&CK framework.