The MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework is a comprehensive matrix that catalogs the tactics and techniques employed by cyber adversaries.

It’s pivotal for threat modeling and enhancing security defenses, enabling organizations to understand the security risks linked to specific threats and refine their detection and prevention strategies.

MITRE ATT&CK framework

The columns across the top of the matrix are the Tactics, beginning with Initial Access and continuing with Execution, Persistence and others. Each tactic is linked to documented techniques, which are derived from observations of different Adversary Groups, as shared by cybersecurity researchers in threat intelligence reports.

The MITRE ATT&CK framework serves multiple purposes, including:

1) Enhancing existing detection technologies within an organization.

2) Assessing an organization’s visibility against potential attacks.

3) Strengthening the organization’s current threat intelligence capabilities.

4) Facilitating adversary simulations between Red and Blue Teams to identify weaknesses.

5) Advancing the maturity of an organization’s Threat Hunting Program.

It’s essential to understand that the tactics and techniques documented in the MITRE ATT&CK matrix represent knowledge that is widely recognized within the cybersecurity community. There might be other tactics and techniques not yet documented. As such, the ATT&CK matrix continually evolves, incorporating new tactics and techniques over time.

The primary goal of the MITRE ATT&CK framework is to deepen the understanding of adversaries’ characteristics and actions, including the tactics, techniques, and tools they use. This insight helps stakeholders and system owners improve their awareness and enhance their protection and detection mechanisms. Moreover, MITRE aims to establish a standardized taxonomy for identifying and labeling threat actors based on their operational methods, fostering better information sharing between communities and organizations.
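As an added example (not from the original page or from Sekoia), the following Python models use cases 2 and 4 from the list above: it takes a tiny hand-built subset of the matrix, a constructed inventory of detection rules mapped to technique IDs, and a constructed list of techniques attributed to a hypothetical group, then reports per-tactic detection coverage and the group's techniques that no rule covers. The technique IDs are real ATT&CK Enterprise identifiers; the rule names, the group and the rule-to-technique mappings are assumptions.

```python
from collections import defaultdict

# Constructed mini-matrix: tactic -> technique IDs (small subset of ATT&CK Enterprise).
MATRIX = {
    "Initial Access": ["T1566", "T1190"],
    "Execution": ["T1059", "T1204"],
    "Persistence": ["T1053", "T1547"],
    "Credential Access": ["T1003"],
    "Command and Control": ["T1071", "T1105"],
}

# Constructed detection inventory: rule name -> technique IDs the rule is mapped to.
DETECTIONS = {
    "phishing-attachment-open": ["T1566"],
    "powershell-encoded-command": ["T1059"],
    "new-scheduled-task": ["T1053"],
    "lsass-memory-read": ["T1003"],
}

# Constructed threat-intel input: techniques reported for a hypothetical group.
GROUP_TECHNIQUES = ["T1566", "T1059", "T1547", "T1071", "T1105"]


def covered_techniques(detections):
    """Set of technique IDs that at least one detection rule is mapped to."""
    return {tid for ids in detections.values() for tid in ids}


def coverage_by_tactic(matrix, detections):
    """Per tactic: (covered count, total count, list of uncovered technique IDs)."""
    covered = covered_techniques(detections)
    report = {}
    for tactic, techniques in matrix.items():
        missing = [tid for tid in techniques if tid not in covered]
        report[tactic] = (len(techniques) - len(missing), len(techniques), missing)
    return report


def group_gaps(matrix, detections, group_techniques):
    """Techniques used by the group that no rule covers, grouped by tactic."""
    covered = covered_techniques(detections)
    tactic_of = {tid: tactic for tactic, ids in matrix.items() for tid in ids}
    gaps = defaultdict(list)
    for tid in group_techniques:
        if tid not in covered:
            gaps[tactic_of.get(tid, "Unmapped")].append(tid)
    return dict(gaps)


if __name__ == "__main__":
    for tactic, (hit, total, missing) in coverage_by_tactic(MATRIX, DETECTIONS).items():
        print(f"{tactic}: {hit}/{total} covered, missing {missing}")
    print("Group gaps:", group_gaps(MATRIX, DETECTIONS, GROUP_TECHNIQUES))
```

Tactics with zero coverage against the group's known techniques are the first candidates for new detection rules or a purple-team exercise.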

If you'd like to learn more about how we leverage the MITRE ATT&CK framework within the Sekoia SOC platform, check out this article: https://blog.sekoia.io/how-sekoia-io-uses-the-mitre-attck-framework-to-enhance-soc-capabilities/


Other Terms

Command & Control (infrastructure, server)

Command and Control (C2) is a set of techniques and technologies used by cybercriminals and other advanced persistent threat (APT) groups to centrally control compromised systems and coordinate malicious activities.

CTI (Cyber Threat Intelligence)

Cyber Threat Intelligence (CTI) covers the research, analysis and modeling of cyber threats. It is used to prevent and detect computer attacks.
