The MITRE ATT&CK™ framework is a cybersecurity framework.
The MITRE ATT&CK™ framework is a curated knowledge base of the tactics and techniques that cyber adversaries use throughout the attack lifecycle. It is intended to be more than a collection of data: it is meant to be used as a tool for strengthening an organization's security posture.
Cyberattacks are an increasing threat to businesses in all industries. A cybersecurity framework is critical to understanding, prioritizing, and mitigating the risk of cyberattacks. The MITRE ATT&CK™ (Adversarial Tactics, Techniques, and Common Knowledge) framework is an excellent resource that provides guidance on how best to prevent and respond to cyber threats.
The MITRE ATT&CK™ framework is an evolving hub that catalogs attacker tactics, techniques, and procedures; IT and security teams use it to identify risks to their organizations and to prioritize and focus their protection efforts. It helps cybersecurity teams assess the effectiveness of their Security Operations Center (SOC) processes and mitigations and identify areas for improvement.
The MITRE ATT&CK™ framework can help you find and fix vulnerabilities.
Red teams use the MITRE ATT&CK™ framework as a blueprint for discovering attack surfaces and vulnerabilities in enterprise systems and devices, and they use what they learn to improve mitigation when real attacks occur. This covers how attackers gain access, how they move around the affected network, and what methods they use to evade detection. The framework enables organizations to better understand their overall security posture, identify and test weaknesses in their defenses, and prioritize potential security breaches based on the risk they pose to the organization.
This adversary-centric approach helps filter millions of CVEs down to the imminent threats and encourages a more proactive approach to fixing vulnerabilities, which is critical in fighting ransomware. CVE-2017-0144 (the vulnerability exploited by WannaCry in 2017) is a case in point: the TTPs detected in the environment reveal ransomware activity, and mapping them to MITRE ATT&CK™ techniques identifies three areas that need to be addressed (active scanning, file and directory discovery, and remote system discovery). Traditional vulnerability management based on CVSS alone might have classified this as a medium/high severity vulnerability, but the additional threat intelligence turns it into a quick win from a remediation perspective, preventing elements of this ransomware from gaining a foothold in the organization.
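As an added example (not code from the original page or from MITRE), the following Python sketch shows the re-prioritization described above: CVEs are ranked by CVSS alone, then re-ranked once ATT&CK techniques observed in a detection feed are taken into account. The detection events, the CVSS values, and the second CVE identifier are constructed placeholders; the technique IDs T1595, T1083, T1018 and T1190 are the real ATT&CK identifiers for the techniques named.

```python
from __future__ import annotations
from dataclasses import dataclass

# Real ATT&CK technique IDs for the three areas the text names, plus one more
# used by the placeholder CVE below.
TECHNIQUES = {
    "T1595": "Active Scanning",
    "T1083": "File and Directory Discovery",
    "T1018": "Remote System Discovery",
    "T1190": "Exploit Public-Facing Application",
}

@dataclass
class Cve:
    cve_id: str
    cvss: float                  # illustrative score, not the NVD value
    related_techniques: set[str]  # techniques an attack using this CVE relies on

# Constructed detection events (hypothetical SIEM output), each already tagged
# with the ATT&CK technique that its detection rule maps to.
DETECTIONS = [
    {"host": "ws-12", "rule": "port sweep from workstation", "technique": "T1595"},
    {"host": "ws-12", "rule": "network share enumeration", "technique": "T1018"},
    {"host": "ws-07", "rule": "recursive directory listing", "technique": "T1083"},
]

# CVE-2017-0144 is from the text; CVE-0000-00001 is a placeholder with a
# higher CVSS score but no technique seen in the environment.
SAMPLE_CVES = [
    Cve("CVE-2017-0144", 7.5, {"T1595", "T1083", "T1018"}),
    Cve("CVE-0000-00001", 9.0, {"T1190"}),
]

def observed_techniques(detections: list[dict]) -> set[str]:
    """Return the set of ATT&CK technique IDs present in the detection feed."""
    return {d["technique"] for d in detections}

def prioritize(cves: list[Cve], detections: list[dict], weight: float = 2.0):
    """Score each CVE as CVSS + weight * (number of its related techniques that
    were actually observed). weight=0 reproduces a CVSS-only ranking.
    Returns (cve_id, score, matched_techniques) tuples, highest priority first."""
    seen = observed_techniques(detections)
    ranked = []
    for c in cves:
        hits = c.related_techniques & seen
        ranked.append((c.cve_id, c.cvss + weight * len(hits), sorted(hits)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)
```

With `weight=0` the placeholder CVE ranks first on CVSS alone; with the default weight, CVE-2017-0144 moves to the top because all three of its techniques were observed.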