Threat hunters who contribute offer insight into adversary behaviour sourced from real-world observations of security incidents. The MITRE ATT&CK platform supports the development of methodologies and new techniques that improve the defensive coverage of organisations. Implementations built on MITRE ATT&CK threat intelligence lead to better outcomes for organisations in securing their data and business-critical assets.
What is the purpose of MITRE ATT&CK?
The purpose is to support threat modelling based on real-world adversarial behaviour. The framework is leveraged by managed security service providers (MSSPs) and security operations centres to improve the effectiveness of threat detection.
MITRE ATT&CK offers detailed and cohesive insight into the tactics, techniques, and procedures (TTPs) used by cyber criminals and malicious actors when carrying out cyber attacks.
ConnectDS – Leveraging MITRE ATT&CK to enrich our SOC monitoring and threat detection services.
As leading cyber security specialists we are here to consult with your security operations teams and review your existing tools. Our security analysts and threat hunters leverage the MITRE ATT&CK framework to ensure security coverage and to ensure that adversaries' tactics and behaviours are mapped to our defensive capabilities, both in threat hunting and in the automated use cases that form part of our MDR services.
By reviewing everything from data sources and threat hunting capabilities to security tools and threat detection (as well as threat analysis), we offer insight into the specific techniques needed to address the adversary tactics catalogued in MITRE ATT&CK. We work with security teams (or alternatively, as your outsourced security team) to study your current tactics, techniques, and procedures (TTPs) and analyse the cyber kill chain your organisation could be vulnerable to.
Frequently Asked Questions about MITRE ATT&CK:
Please see below for some common questions about MITRE ATT&CK. If you would prefer to speak to someone, give us a call and speak to one of our team at our UK HQ.
HOW MANY TECHNIQUES ARE THERE IN MITRE ATT&CK?
There are many techniques catalogued in MITRE ATT&CK; however, these are grouped into 14 areas (tactics): Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact.
IS MITRE ATT&CK A THREAT MODEL?
MITRE ATT&CK models the different adversarial tactics used by malicious actors. Its purpose is to document real-world methods observed by cyber security analysts during all stages of the kill chain.
HOW DOES MITRE ATT&CK HELP SECURITY OPERATIONS?
MITRE ATT&CK acts as a knowledge base curated by professionals worldwide. Its information can be used to improve an organisation's cyber security posture.
WHAT IS SOAR?
SOAR stands for Security Orchestration, Automation, and Response. It encompasses your incident response platforms, threat intelligence platforms, and security orchestration and response tooling.
WHAT IS MITRE D3FEND?
MITRE D3FEND is complementary to the MITRE ATT&CK framework. Instead of cataloguing adversarial tactics, it lists and prioritises the cyber defence techniques used by secure organisations worldwide.