According to the MITRE website, “MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” Basically, this deep catalog of hackers’ tools of the trade is a fount of cybersecurity knowledge. The ATT&CK® framework can lay the foundation for offensive and defensive strategies in cybersecurity.
Developed by MITRE, a non-profit think tank that manages federally funded research and development centers (FFRDCs), the open source ATT&CK® framework is becoming the gold standard for cybersecurity strategy. The acronym stands for Adversarial Tactics, Techniques & Common Knowledge.
The framework has undergone several iterations but continues to aim to be as comprehensive a paradigm for understanding and cataloging cyber threats as possible. MITRE actively seeks contributions to the framework from practitioners to keep it current and just released a beta version with sub-techniques this year. Three matrices are available: Enterprise ATT&CK®, Pre-ATT&CK®, and Mobile ATT&CK®.
The ATT&CK® framework consists of 12 tactics. These are often considered the “why” part of the equation. Each tactic represents an objective that the attacker wishes to achieve at their current stage of compromise (e.g., gaining “Initial Access” to a network, server, etc.). These 12 tactics are defined and outlined below (official definitions and additional information are available on MITRE’s website):
The ATT&CK matrices serve public and private enterprises as foundations of knowledge for modeling threats and methodologies. PlexTrac CEO, Dan DeCloss says, “We love to reference the MITRE ATT&CK® framework because it breaks everything down based on the attack lifestyle, which, at the end of the day, is what we are really trying to do—identify issues that crop up in each of those different tactics.”
All that collected and aggregated information gives both red and blue teams extensive knowledge to plan assessments, and knowledge is power. But effectively using the power available in the ATT&CK® knowledge base takes work. PlexTrac helps manage and aggregate the data produced when following the ATT&CK® framework so teams can better collaborate. Using PlexTrac with MITRE ATT&CK® can take a cybersecurity team to the next level with a purple teaming paradigm.