
Leverage AttackIQ and the MITRE ATT&CK Matrix to augment your red team and fight back before an attack.

Problem

Your security team is playing a reactive game. Thanks to information overload and lack of resources, your red team can only validate a fraction of your enterprise and controls. This means you’re forced to focus on incident response. Your team is stuck fixing problems instead of preventing them.

Solution

If your security team is already utilizing the MITRE ATT&CK Matrix to analyze adversaries' tactics, techniques, and procedures against your existing and planned security controls, AttackIQ can be a catalyst for faster, more efficient, and more comprehensive analysis. AttackIQ augments the red team's ability to run exercises and validation scenarios against your enterprise security controls and incident response workflows. Your team is able to identify how each individual asset in your security program responds to thousands of common attack scenarios.

You’ll be able to generate comprehensive reporting on test results to then clearly communicate the impact of the threat assessment to the C-suite. You’ll see clear metrics on readiness of common attack vectors like Credential Access, Exfiltration and Command & Control.

Outcome

Using AttackIQ alongside the MITRE ATT&CK Matrix enables you to validate your security controls more effectively, and to do so continuously, to reduce risk and take an offensive approach to cyber defense. You can better prioritize your security acquisition process and expenses. Through attack simulation, your team will have a deeper understanding of a potential intrusion's chain of events, so you can proactively defend against known TTPs.

Key Benefits

  • Automate time-consuming manual processes
  • Extend the coverage and depth of validation efforts
  • Gain deeper understanding of vulnerabilities and risk
  • Understand the impact of threats to your organization
  • Better protect against potential threats
  • Free your red team to focus on critical priorities


ABOUT MITRE ATT&CK

An Introduction to MITRE ATT&CK


The MITRE ATT&CK framework is a knowledge base of cyberattack tactics and techniques used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity community. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.

Capabilities


The MITRE ATT&CK framework enables you to precisely map your detection, prevention, and response capabilities to attack scenarios. This organized approach enables you to methodically select the attacks you need to validate your security controls and to understand the gaps, so you can rationally expand your set of security controls. Security management can rapidly and easily identify critical problems for remediation. This objective assessment provides a data-driven approach to prioritizing and scaling your cybersecurity program and budget.

Evaluation


MITRE's stature in the cyber community makes the MITRE ATT&CK matrix the ideal platform from which you can objectively evaluate and measure the performance, risk, and capabilities of your cybersecurity controls. MITRE ATT&CK is the largest attack knowledge base, providing suggested assessment techniques, detection procedures, and other important technical information.


A Powerful Common Lexicon


The MITRE ATT&CK framework provides a common lexicon that enables business stakeholders, cyber defenders, and vendors to communicate clearly about the exact nature of a threat and the objective assessment of the cyberdefense plan that can defeat it. This common lexicon brings a universal language that can be used to describe the procedures of an attacker or attack tool, and the exact techniques they deploy. The precise lexicon of the MITRE ATT&CK framework enables a measured and accurate assessment of your cyber defense capability.


The Framework


The MITRE ATT&CK model presents a well-organized taxonomy of the tactics and techniques of a cyberattacker. A TACTIC is a high-level description of attacker behavior and represents a class of behavior (the adversary's goal). A TECHNIQUE provides a more detailed description of a very specific type of behavior within that TACTIC class.

MITRE presents five different matrices which organize and present the cyberattacker tactics and techniques. These include PRE-ATT&CK, Enterprise - Linux, Enterprise - macOS, Enterprise - Windows, and Mobile. PRE-ATT&CK is organized around the activities of a cyberattacker prior to launching an attack. The remaining matrices align with the execution of the specific attacks by computing platform.

[Figure: MITRE ATT&CK matrix]


Getting Started

Start with a few of the most critical areas of concern to you - go deep, not wide. Test your detection, prevention, and response capabilities end-to-end, and then determine the next tactics of the framework on which to focus your efforts. The best way to get started is by testing your known security controls against adversarial behavior in the MITRE ATT&CK framework.


Test Your Security Controls With MITRE ATT&CK


You can use the MITRE ATT&CK tactics and techniques to help you assess your security controls and validate their performance against your assumptions. You can immediately validate that your security controls are configured correctly, performing as expected, and delivering the return on investment you expect.
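As an added example (not AttackIQ's code, nor anything from the ATT&CK project), the following Python script shows what the mapping described in the Capabilities, Framework, and Test Your Security Controls sections looks like in practice: detection rules are tagged with the technique IDs they claim to cover, exercise results record whether each simulated technique was actually detected, and a per-tactic report separates techniques that are unclaimed, untested, claimed-but-missed, and validated. The tactic and technique entries are a hand-picked subset of the public Enterprise matrix; the detection rules and exercise results are constructed for illustration and are not real data.

```python
"""Map detection rules and exercise results onto the ATT&CK tactic/technique
taxonomy and report, per tactic, where coverage is claimed, validated, or missing.
Added example; the rules and results below are constructed, not real telemetry."""
from dataclasses import dataclass

# Constructed subset of the ATT&CK Enterprise knowledge base (tactic -> techniques).
# The IDs and names are real public ATT&CK entries, but this is a hand-picked
# sample, not a full export of the matrix.
MATRIX = {
    "Credential Access": {
        "T1003": "OS Credential Dumping",
        "T1110": "Brute Force",
    },
    "Exfiltration": {
        "T1041": "Exfiltration Over C2 Channel",
        "T1048": "Exfiltration Over Alternative Protocol",
    },
    "Command and Control": {
        "T1071": "Application Layer Protocol",
        "T1105": "Ingress Tool Transfer",
    },
}


@dataclass
class DetectionRule:
    name: str
    techniques: set  # ATT&CK technique IDs this rule claims to detect


@dataclass
class ExerciseResult:
    technique: str   # technique that was simulated
    detected: bool   # did any control fire on it?


# Constructed, hypothetical rules and exercise outcomes.
RULES = [
    DetectionRule("lsass-access-alert", {"T1003"}),
    DetectionRule("failed-logon-burst", {"T1110"}),
    DetectionRule("dns-tunnel-heuristic", {"T1048", "T1071"}),
]
RESULTS = [
    ExerciseResult("T1003", True),
    ExerciseResult("T1110", True),
    ExerciseResult("T1071", False),  # a rule claims T1071, but the exercise was missed
    ExerciseResult("T1041", False),  # no rule at all, and the exercise confirmed the gap
]


def claimed_coverage(rules):
    """Technique IDs that at least one rule claims to cover (the assumption)."""
    covered = set()
    for rule in rules:
        covered |= rule.techniques
    return covered


def validated_coverage(results):
    """Technique IDs that an exercise actually detected (the evidence)."""
    return {r.technique for r in results if r.detected}


def tactic_report(matrix, rules, results):
    """Per tactic: claimed vs. validated techniques, plus the three kinds of gap.

    'failed' is the most important bucket: a control is assumed to cover the
    technique, but the simulation showed it did not.
    """
    claimed = claimed_coverage(rules)
    validated = validated_coverage(results)
    tested = {r.technique for r in results}
    report = {}
    for tactic, techniques in matrix.items():
        ids = set(techniques)
        report[tactic] = {
            "claimed": sorted(ids & claimed),
            "validated": sorted(ids & validated),
            "unclaimed": sorted(ids - claimed),          # no rule even claims it
            "untested": sorted(ids - tested),            # never exercised
            "failed": sorted((ids & tested) - validated),  # exercised and missed
            "validated_pct": round(100 * len(ids & validated) / len(ids)),
        }
    return report


if __name__ == "__main__":
    for tactic, row in tactic_report(MATRIX, RULES, RESULTS).items():
        print(f"{tactic}: {row['validated_pct']}% validated")
        for bucket in ("unclaimed", "untested", "failed"):
            if row[bucket]:
                names = ", ".join(f"{t} ({MATRIX[tactic][t]})" for t in row[bucket])
                print(f"  {bucket}: {names}")
```

The point of separating `claimed` from `validated` is the one the page makes: a rule tagged with a technique is an assumption, and only an exercise result turns it into evidence. Scaling this up means replacing the hand-picked `MATRIX` with a full export of the matrix and feeding in real rule tags and exercise outcomes; the report logic stays the same.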