Introducing the ATT&CK Framework

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a widely used resource for understanding and defending against cyber threats. Its origins date back to when MITRE began working to develop a comprehensive approach to understanding and defending against advanced persistent threats (APTs).

This work led to the creation of the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix in 2013, which was initially focused on APT threat groups and their tactics, techniques, and procedures (TTPs).

Over the years, the framework has evolved to cover a wider range of threat actors, platforms, and use cases. In 2016, the framework was made publicly available, and it has since become a widely used resource for organizations of all sizes and industries.

The MITRE ATT&CK framework is a widely used and important resource in the field of cybersecurity. It provides a comprehensive understanding of the tactics, techniques, and procedures used by cyber adversaries, which enables organizations to better identify, detect, and respond to cyber threats.

As you’ll remember, threat intelligence and data-based decisions are a major part of a threat-informed defense. Understanding how your adversaries operate is incredibly valuable in defending your enterprise.

The framework is based on real-world observations of actual attacks, which means that it is constantly updated with new information and reflects the latest threat landscape. Additionally, the ATT&CK framework covers a wide range of threat actors, platforms, and use cases, and it can be used not only for detection and defense but also for planning and prioritizing security investments and for measuring the effectiveness of security controls.

It also has a community of researchers, practitioners, and enthusiasts who contribute to its development and improvement.

MITRE allows for contribution to the ATT&CK Framework through the submission of:

  • New techniques and sub-techniques

  • New techniques and sub-techniques for macOS, Linux, cloud, and ICS

  • Threat Intelligence

  • Data sources such as endpoint or network log data for techniques used in incidents

  • Your use cases

MITRE has a whole page on its website explaining how to contribute to the ATT&CK Framework; see:

Contribute | MITRE ATT&CK®

That’s it for today’s talk.
