A Threat-Informed Defense Starts with a Solid Foundation

That’s why we align with MITRE ATT&CK.

What is MITRE ATT&CK?

ATT&CK is a globally available, open framework of known adversary tactics, techniques and procedures (TTPs). The MITRE Corporation, a federally funded non-profit research and development organization working in the public interest, built and publicly released the original ATT&CK framework in 2015 to help defenders all over the world focus on the threats that matter most to cybersecurity.

The MITRE ATT&CK Framework

The MITRE ATT&CK framework is an approach to cybersecurity planning and operations, and a tool for maximizing the effectiveness of an organization’s cyberdefenses.

As an approach, the framework takes the perspective of the adversary rather than that of the defender, presenting known adversary behaviors rather than the forensic analysis of what happened in a particular case. In a nutshell, it helps defenders get ahead of the adversary.

MITRE ATT&CK® for Dummies

To learn how to use MITRE ATT&CK to improve your cybersecurity effectiveness, download this easy-to-read Dummies guide, which will help you strengthen your cybersecurity program and maximize your resources. Plus, it’s free. You can use this guide to train your teams, transition from a manual approach to threat intelligence, and guide your entire security team with a unified threat framework. Once you learn ATT&CK, you can deploy an automated breach and attack simulation platform to test your security controls and generate real performance data to improve your security program at scale.

The MITRE ATT&CK Matrix

MITRE ATT&CK is known for its matrix, a deep well of content on cyber adversaries. The column headings show tactics—objectives that adversaries want to achieve. They appear in the general chronological order in which attacks develop. The cells that appear under each column heading are techniques—mechanisms that adversaries may use to achieve each tactical objective.

AttackIQ and the Center for Threat-Informed Defense (CTID)

AttackIQ is a founding research partner of the Center for Threat-Informed Defense, a non-profit research and development organization operated by MITRE Engenuity with the mission to advance the practice of threat-informed defense. From the beginning of the Center’s existence, AttackIQ has shaped the Center’s research agenda and been intimately involved in the research process on a multitude of projects.

“The Center for Threat-Informed Defense brings together the best security teams in the world to collaborate on research that will shift the cybersecurity playing field in favor of defenders. Together, we can make an impact that’s far larger than anything we can do as individual companies.”

– Richard Struse, Director, Center for Threat-Informed Defense.

The CISO's Guide to Using Attack Graphs and MITRE ATT&CK®

In an environment where threats are getting more challenging by the day, CISOs and their teams are under pressure to explain their defensive posture to the C-suite, understand and apply lessons learned from major incidents, and build realistic adversary emulation scenarios for purple teaming exercises. As a result, the industry is shifting toward the use of attack graphs (also known as attack flows). These attack graphs simulate multi-stage attacks, and defenders can use them to assess the effectiveness of their automated cybersecurity safeguards in a realistic and targeted manner.
