How to Test Your Defenses Against Personalized Top 10 MITRE ATT&CK Techniques

The Center for Threat-Informed Defense recently published a methodology and calculator so that you can identify the top MITRE ATT&CK techniques that impact your sector. Read More

The Center for Threat-Informed Defense recently published a methodology and calculator so that you can identify the top MITRE ATT&CK techniques that impact your sector. As a founding research partner of the Center for Threat-Informed Defense, AttackIQ has integrated the top ATT&CK techniques into the AttackIQ Security Optimization Platform for organizations to select key techniques and run adversary emulations to validate that your cyberdefenses operate as intended.

Wondering how it works? Here’s a quick rundown:

Take a look at the Top ATT&CK Techniques Calculator

Rather than the ATT&CK Navigator choosing TTPs for you based on external factors (such as threat group or actor), you can utilize their new calculator and make assumptions about the maturity in your specific security environment. Selections are made based on information about your own company. It’s a personalized list of your own top 10 techniques, tailored to your business.

MITRE ATT&CK Top Techniques

Data geek?

MITRE also offers their methodology with data regression, and a downloadable spreadsheet that shows how they determine what your top 10 techniques are.

How it works with AttackIQ 

Download your personalized top 10 techniques, and you’ll get a JSON file that you can utilize in the AttackIQ platform under “Assessment Templates.” Upload the MITRE JSON, select OS variants that apply to the import (so you can understand fully what you’re testing and where), import, and you’re set to create and run assessments based on populated tests and scenarios.

Now you can start testing and making top techniques that came out of the calculator actionable in your environment.

This 10-minute video will give you a short overview of this easy-to-use, high-impact tool in action:
 

 
But wait! There’s more!