MITRE created ATT&CK as a solution to help teams achieve more effective cybersecurity. The framework enables sharing of adversarial behaviors across the attack lifecycle and provides a common taxonomy for threat analysis and research.
This framework can help cybersecurity teams assess the effectiveness of their security operations center (SOC) processes and defensive measures to identify areas for improvement.
With this knowledge base, teams take on an adversary’s perspective to better understand the motivation behind an adversary’s actions and the relationship between them for holistic threat detection and response. This approach provides context to the individual parts of an attack to help teams predict an adversary’s behavior and next move, and quickly and effectively respond to an attack.
MITRE first developed this framework as a standard way to document common adversarial tactics, techniques, and procedures (TTPs). The relationship between tactics and techniques can be seen in the ATT&CK Matrix™.
ATT&CK Tactics: Tactics are the “why” of an adversary’s technique and represent their objective.
ATT&CK Techniques: Techniques are “how” an adversary achieves an objective — the action they take to get what they are seeking.
ATT&CK Procedures: Procedures are the specific steps an adversary takes to execute a technique.
Detecting adversaries requires pervasive visibility across your security data and a proactive approach to efficiently identify suspicious behavior. Teams can use the LogRhythm NextGen SIEM for high-fidelity visibility into the tactics, techniques, and procedures of the most skilled adversaries for accurate threat detection.
To detect new threats and prevent damaging breaches, security programs must update their methodologies as fast as adversaries iterate. The LogRhythm NextGen SIEM provides a diagnostic tool teams can use to assess their security program coverage and gaps, so they can prepare for future threats that leverage similar exploits.
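The tactic/technique relationship described above is what makes a coverage-and-gap assessment mechanical: tag each detection rule with the technique IDs it covers, then roll those up to the tactics each technique serves. The following script is an added illustration, not LogRhythm code or an official MITRE tool; the technique slice and the detection inventory are constructed samples (the technique IDs are from ATT&CK, but a real assessment should load the full live knowledge base), and it also surfaces rules tagged with an unknown technique ID so stale tags do not silently inflate the numbers.

```python
"""Roll SOC detection rules up to ATT&CK tactics and report coverage gaps."""
from collections import defaultdict

# Constructed slice of the ATT&CK matrix: technique ID -> (name, tactics it serves).
# A technique may sit under several tactics (e.g. Valid Accounts); load the live
# ATT&CK knowledge base for real work, this subset is only illustrative.
TECHNIQUES = {
    "T1566": ("Phishing", {"Initial Access"}),
    "T1078": ("Valid Accounts", {"Initial Access", "Persistence",
                                 "Privilege Escalation", "Defense Evasion"}),
    "T1059": ("Command and Scripting Interpreter", {"Execution"}),
    "T1003": ("OS Credential Dumping", {"Credential Access"}),
    "T1021": ("Remote Services", {"Lateral Movement"}),
    "T1486": ("Data Encrypted for Impact", {"Impact"}),
}

# Constructed SOC detection inventory: rule name -> technique IDs it is tagged with.
DETECTIONS = {
    "Suspicious PowerShell encoded command": {"T1059"},
    "LSASS memory access by non-system process": {"T1003"},
    "Logon from new country for privileged account": {"T1078"},
    "Mass file rename with ransom-note extension": {"T1486"},
    "Rule with stale technique tag": {"T9999"},  # unknown ID: must be surfaced
}


def coverage_by_tactic(techniques, detections):
    """Return ({tactic: (covered_ids, uncovered_ids)}, unknown_tag_ids)."""
    covered, unknown = set(), set()
    for tech_ids in detections.values():
        for tid in tech_ids:
            (covered if tid in techniques else unknown).add(tid)
    per_tactic = defaultdict(lambda: (set(), set()))
    for tid, (_, tactics) in techniques.items():
        for tactic in tactics:
            per_tactic[tactic][0 if tid in covered else 1].add(tid)
    return dict(per_tactic), unknown


def gap_report(techniques, detections):
    """Rows of (tactic, covered, total), lowest coverage ratio first."""
    per_tactic, unknown = coverage_by_tactic(techniques, detections)
    rows = [(t, len(c), len(c) + len(u)) for t, (c, u) in per_tactic.items()]
    rows.sort(key=lambda r: (r[1] / r[2], r[0]))
    return rows, unknown


if __name__ == "__main__":
    rows, unknown = gap_report(TECHNIQUES, DETECTIONS)
    for tactic, n_cov, n_total in rows:
        print(f"{tactic:<22} {n_cov}/{n_total} techniques covered")
    if unknown:
        print("Unknown technique tags in rules (fix before trusting the numbers):", sorted(unknown))
```

With the sample data, Lateral Movement (0/1) and Initial Access (1/2) rise to the top of the report as the gaps, and the stale T9999 tag is reported separately rather than counted as coverage.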
Leverage MITRE’s model with LogRhythm network and user analytics, compliance modules, and threat feeds to generate higher-value alarms that more accurately detect adversaries.