What is ATT&CK framework?
ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally-accessible knowledge base of adversary techniques and tactics based on real-world observations of cyberattacks. It was first created in 2013 by the MITRE Corporation, a US-based not-for-profit organization, that manages government-funded R&D centers for several federal agencies.
The ATT&CK framework has three different flavors:
- PRE-ATT&CK - focuses on the tactics used by the attackers before they exploit their target.
- ATT&CK for Enterprise - covers the techniques and tactics for targeting Windows, Linux or Mac OS.
- ATT&CK for Mobile - covers the attack tactics and techniques for targeting mobile devices.
What is PRE-ATT&CK?
PRE-ATT&CK model defines the pre-compromise techniques used by attackers, that provides awareness of the actions that may be expected just before a network intrusion. It allows a comprehensive evaluation of computer network defense (CND) technologies, processes, data, and policies against a standard enterprise threat model.
What is ATT&CK for Enterprise?
ATT&CK for Enterprise
is a framework and an adversary model, which can be used for explaining the actions a threat actor could take to compromise and operate within an enterprise network. This model can be used to better describe and characterize post-compromise adversary behavior. It expands the knowledge of security experts, and at the same time, it also helps them in prioritizing network defense. It provides an in-depth understanding of the tactics, techniques, and procedures (TTPs) of threat actors, that were used to gain access inside a network and also identifies their objectives while operating.
What is ATT&CK for Mobile?
ATT&CK for Mobile model is a comprehensive list of threats against mobile devices and other parts of the mobile ecosystem. This model is designed to support the development of mobile security capabilities, solutions, and best practices to defend organizations as they deploy mobile devices.
How can ATT&CK framework help private and government organizations?
The ATT&CK framework is open and freely available to any person or organization for use. The main goal of this framework is to bring security experts and organizations together to work into developing a more effective cybersecurity model. The knowledge base of ATT&CK framework can be used as a foundation to develop more effective threat intelligence and security models. These can further lead to actionable insights, and thus help the government and private sector organizations to mitigate any cyberattacks proactively.