The MITRE ATT&CK® framework is a vast repository of cybersecurity knowledge. The framework outlines the goals an attacker may need to achieve while performing a cyberattack (Tactics), the methods used to achieve those goals (Techniques), the particular tools and threat actors known to use those methods (Procedures), and ways to detect and respond to each technique. All of this information is organized into a set of matrices based on the target environment in question (Enterprise vs. Mobile vs. ICS) and the stage of the cyberattack lifecycle (PRE-ATT&CK vs. Enterprise, etc.).
This wealth of information can be used in a number of different ways. MITRE ATT&CK provides six sample use cases for the information contained within its framework.
1. Adversary emulation
When performing a penetration test of an organization, the goal is to test its resiliency against realistic cyber threats. As part of this, the ability to realistically simulate the operations of particular threat actors can be a significant asset. Additionally, it is essential that an organization have defenses in place against the most commonly used tactics of cybercriminals and other threat actors.
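As an added illustration of the data model described above (not code from the original article or from MITRE), the following Python models a miniature Tactic/Technique/Procedure dataset and uses it the way an adversary-emulation exercise does: list the techniques a group is known to use in kill-chain order, and compare them against the organization's existing detections to find gaps. The group name and its technique mapping are constructed; the technique IDs and tactic names are real ATT&CK identifiers.

```python
from collections import defaultdict

# Real ATT&CK Enterprise tactic order (initial access through impact).
TACTIC_ORDER = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "collection", "command-and-control", "exfiltration", "impact",
]

# Constructed miniature of the Enterprise matrix: technique ID -> (name, tactic).
# The IDs and names are real ATT&CK techniques; the set is a tiny sample.
TECHNIQUES = {
    "T1566": ("Phishing", "initial-access"),
    "T1059": ("Command and Scripting Interpreter", "execution"),
    "T1078": ("Valid Accounts", "persistence"),
    "T1021": ("Remote Services", "lateral-movement"),
    "T1486": ("Data Encrypted for Impact", "impact"),
}

# Procedures: a hypothetical group ("EXAMPLE-GROUP" is constructed, not a real
# ATT&CK group) observed using these techniques.
GROUP_PROCEDURES = {
    "EXAMPLE-GROUP": ["T1486", "T1021", "T1566", "T1078", "T1059"],
}


def emulation_plan(group, procedures=GROUP_PROCEDURES, techniques=TECHNIQUES):
    """Order a group's known techniques by tactic, as an emulation would run them."""
    rank = {t: i for i, t in enumerate(TACTIC_ORDER)}
    plan = [(techniques[t][1], t, techniques[t][0]) for t in procedures[group]]
    return sorted(plan, key=lambda row: rank[row[0]])


def coverage_gaps(group, detections, procedures=GROUP_PROCEDURES, techniques=TECHNIQUES):
    """Split a group's techniques into those the org detects and those it does not.

    detections: set of technique IDs the organization has detection logic for.
    Returns (covered_ids, gaps_by_tactic) so gaps can be prioritized per tactic.
    """
    covered, gaps = [], defaultdict(list)
    for tid in procedures[group]:
        name, tactic = techniques[tid]
        (covered.append(tid) if tid in detections else gaps[tactic].append(f"{tid} {name}"))
    return sorted(covered), dict(gaps)


if __name__ == "__main__":
    for tactic, tid, name in emulation_plan("EXAMPLE-GROUP"):
        print(f"{tactic:18} {tid} {name}")
    print(coverage_gaps("EXAMPLE-GROUP", {"T1566", "T1059"}))
```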
MITRE ATT&CK can be used to help verify that an organization’s