5 Things to Do with MITRE ATT&CK – Tips and Tricks Special

5 years ago David Lu

MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns.

The original impetus for the project was to answer the question, “How are we doing at detecting documented adversary behavior?” MITRE ATT&CK v1 was released in 2015, and since then, it has seen rapid growth and adoption across multiple domains such as risk management, threat intelligence, incident response and threat hunting, secure configuration and security engineering, among others.

The main components of ATT&CK, adversarial behaviors, are structured as a taxonomy of tactics, techniques and sub-techniques with other components such as software, APT groups and mitigations standing in various relations between each other and the behaviors. Techniques and sub-techniques are abstracted from actual procedures used by adversaries, while tactics represent a classification of adversary objectives similar to a kill chain but nonlinear. These provide a common vocabulary to categorize specific attacking or defending behavior.

However, because ATT&CK is abstracted from specific procedures, it may not be immediately clear how to use the framework in a practical way. This is an issue that affects all taxonomies, classifications and ontologies. On their own, they don’t do much.

So, here are five things you can do with ATT&CK.

Map Defensive Controls to ATT&CK

A mapping between defensive controls and ATT&CK—for example, the Center for Threat Informed Defense’s mapping of NIST SP 800-53 to ATT&CK—provides a foundation for organizations to assess their security controls against classes of adversarial behavior.

Drive Threat Intelligence

According to Sergio Caltagirone, threat intelligence is “actionable knowledge and insight on adversaries and their malicious activities enabling defenders and their organizations to reduce harm through better security decision-making.” The practice of producing threat intelligence is answering the who, what, when, where, why and how questions of adversaries that may be targeting your organization. The ATT&CK framework nicely organizes answers to the “how” question.

Threat Hunting & Incident Response

Threat hunting and incident response are both active defense activities that involve identifying and containing incidents (or, in the case of hunting, hypothesized incidents). However, they can be ineffective without proper preparation, planning and tools. The ATT&CK framework supports these activities by providing a library of structured information, giving defenders a map of the space of adversarial behavior and of what to look for in their systems.

Playbooks

A playbook is an attempt to capture all the tools, tactics and procedures an adversary uses in a logical sequence or structure. Playbooks can be used, for example, by blue, red and purple teams to emulate the steps of an adversarial attack. And while a single playbook can be useful for testing an organization’s defenses, its real value shines as a data sharing mechanism. So, ideally, we’d like playbooks to be written in an interoperable format, and the ATT&CK framework supports this goal with structured data, a controlled vocabulary and a high adoption rate.
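As an added example serving both the control-mapping section above and this playbook section (example code, not Tripwire's, MITRE's or the Center for Threat-Informed Defense's), the script below loads a constructed miniature of the STIX 2.x bundle in which ATT&CK is published (attack-pattern objects carrying a `mitre-attack` external reference and `kill_chain_phases`), inverts a constructed control-to-technique mapping to report per-tactic coverage gaps and stale entries, and then validates a constructed playbook against the same vocabulary. The technique and NIST SP 800-53 control IDs are real, but the bundle subset, the pairings and the playbook are assumptions made for illustration; `load_techniques`, `coverage_report` and `check_playbook` are names chosen here.

```python
"""Added example: check a control mapping and a playbook against an ATT&CK STIX bundle."""
import json
from collections import defaultdict


def _attack_pattern(tid, name, tactics, revoked=False):
    """One STIX-style attack-pattern object in the shape the ATT&CK bundle uses."""
    return {"type": "attack-pattern", "name": name, "revoked": revoked,
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t}
                                  for t in tactics]}


# Constructed miniature of the ATT&CK bundle: real technique IDs, tiny illustrative subset.
ATTACK_BUNDLE = json.dumps({"type": "bundle", "objects": [
    _attack_pattern("T1566", "Phishing", ["initial-access"]),
    _attack_pattern("T1059", "Command and Scripting Interpreter", ["execution"]),
    _attack_pattern("T1078", "Valid Accounts",
                    ["defense-evasion", "persistence", "privilege-escalation", "initial-access"]),
    _attack_pattern("T1021", "Remote Services", ["lateral-movement"]),
    _attack_pattern("T1486", "Data Encrypted for Impact", ["impact"]),
    # Revoked objects stay in the bundle for history and must not count as live techniques.
    _attack_pattern("T1086", "PowerShell", ["execution"], revoked=True),
]})

# Constructed control-to-technique mapping. The NIST SP 800-53 control IDs are real;
# the pairings are illustrative, not the Center for Threat-Informed Defense's mapping.
CONTROL_MAP = {
    "AT-2": {"T1566"},           # security awareness training
    "SI-3": {"T1566", "T1059"},  # malicious code protection
    "AC-2": {"T1078"},           # account management
    "CP-9": {"T1486"},           # system backup
    "IA-2": {"T1078", "T1086"},  # T1086 is revoked: a stale entry to surface
}

# Constructed playbook: ordered steps, each tagged with an ATT&CK tactic and technique ID.
PLAYBOOK = {"name": "demo-intrusion", "steps": [
    {"order": 1, "tactic": "initial-access", "technique": "T1566"},
    {"order": 2, "tactic": "execution", "technique": "T1059"},
    {"order": 3, "tactic": "lateral-movement", "technique": "T1021"},
    {"order": 4, "tactic": "execution", "technique": "T1086"},  # revoked ID
    {"order": 5, "tactic": "impact", "technique": "T1078"},     # tactic not valid for T1078
    {"order": 6, "tactic": "impact", "technique": "T1486"},
]}


def load_techniques(bundle_json):
    """Return {technique_id: {"name", "tactics"}} for live (not revoked/deprecated) techniques."""
    techniques = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = next((r["external_id"] for r in obj.get("external_references", [])
                    if r.get("source_name") == "mitre-attack"), None)
        if tid:
            techniques[tid] = {"name": obj["name"],
                               "tactics": {p["phase_name"] for p in obj.get("kill_chain_phases", [])}}
    return techniques


def controls_by_technique(techniques, control_map):
    """Invert the mapping; also return entries that point at IDs not in the live set."""
    covering, stale = defaultdict(set), set()
    for control, tids in control_map.items():
        for tid in tids:
            if tid in techniques:
                covering[tid].add(control)
            else:
                stale.add((control, tid))
    return covering, sorted(stale)


def coverage_report(techniques, control_map):
    """Per tactic: live techniques at least one control addresses, and those none does."""
    covering, stale = controls_by_technique(techniques, control_map)
    by_tactic = defaultdict(lambda: {"covered": {}, "uncovered": set()})
    for tid, info in techniques.items():
        for tactic in info["tactics"]:
            if tid in covering:
                by_tactic[tactic]["covered"][tid] = sorted(covering[tid])
            else:
                by_tactic[tactic]["uncovered"].add(tid)
    return {"by_tactic": dict(by_tactic), "stale_mappings": stale}


def check_playbook(playbook, techniques, control_map):
    """Validate each step against the live vocabulary and flag steps no control addresses."""
    covering, _ = controls_by_technique(techniques, control_map)
    findings = []
    for step in playbook["steps"]:
        tid = step["technique"]
        if tid not in techniques:
            findings.append((step["order"], tid, "unknown-or-revoked-technique"))
        elif step["tactic"] not in techniques[tid]["tactics"]:
            findings.append((step["order"], tid, "tactic-not-valid-for-technique"))
        elif tid not in covering:
            findings.append((step["order"], tid, "no-mapped-control"))
    return findings


if __name__ == "__main__":
    techs = load_techniques(ATTACK_BUNDLE)
    report = coverage_report(techs, CONTROL_MAP)
    for tactic, row in sorted(report["by_tactic"].items()):
        print(f"{tactic:21s} covered={sorted(row['covered'])} uncovered={sorted(row['uncovered'])}")
    print("stale mappings:", report["stale_mappings"])
    print("playbook findings:", check_playbook(PLAYBOOK, techs, CONTROL_MAP))
```

Against the real bundle the same loader works unchanged on the `enterprise-attack.json` file MITRE publishes, and skipping `revoked`/`x_mitre_deprecated` objects matters there: a mapping or playbook that still references a technique ID retired in a later ATT&CK release would otherwise either inflate coverage or silently validate, which is exactly the drift the stale-mapping and unknown-technique findings are meant to catch.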

Teaching 

Of course, any library of structured information is useful for teaching. The ATT&CK framework and its structured information can be used to train internal employees, cybersecurity students and anyone else interested in the tactics and techniques that cyber adversaries use, as well as the corresponding mitigation strategies.

Tripwire Tips and Tricks

Join me for the Tripwire Tips and Tricks webinar series where we will look at the MITRE ATT&CK framework and discuss what you can do with it. Register here: https://info.tripwire.com/register-tripwire-tips-and-tricks-mitre-attck/.

The post “5 Things to Do with MITRE ATT&CK – Tips and Tricks Special” appeared first on Tripwire.

Source: Tripwire – David Lu

Tags: APT, Facebook, High Severity, TripWire
