ATT&CK Goes to v11

Intelligence Failures of Lincoln’s Top Spies: What CTI Analysts Can Learn From the Civil War

Selena Larson · Mar 29 · 9 min read. Guest Post by ATT&CKcon 3.0 Keynote Speaker, Selena Larson. Image: Allan Pinkerton (Alexander Gardner — Library of Congress). At the onset of the Civil…

How to improve threat detection in ICS environments

Written by CyberScoop Staff · Feb 24, 2022 | CYBERSCOOP. A challenge in industrial control systems (ICS) cybersecurity is the lack of detection and collection capability within most ICS environments. Security…

ATT&CK 2022 Roadmap

Where We’ve Been and Where We’re Going. Amy L. Robertson · Feb 2 · 7 min read. In 2021, as we navigated a pandemic and moved into a new normal, we continued evolving…

What’s New in ATT&CK v9?

Jamie Williams · Apr 29 · 6 min read. By Jamie Williams (MITRE), Jen Burns (MITRE), Cat Self (MITRE), and Adam Pennington (MITRE). As we promised in the ATT&CK 2021 Roadmap, today…

ATT&CK 2021 Roadmap

Amy L. Robertson · Mar 16 · 9 min read. A review of how we navigated 2020 and where we’re heading in 2021. With the monumental disruptions, challenges, and hybrid work environments…

Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology

Jose Luis Rodriguez · Oct 20, 2020 · 9 min read. In Part I of this two-part blog series, we reviewed the current state of the data sources and an initial approach…

Defining ATT&CK Data Sources, Part I: Enhancing the Current State

Jose Luis Rodriguez · Sep 10, 2020 · 10 min read. Figure 1: Example of Mapping of Process Data Source to Event Logs. Discussion around ATT&CK often involves tactics, techniques, procedures, detections, and…

Actionable Detections: An Analysis of ATT&CK Evaluations Data Part 2 of 2

Jamie Williams · Jun 18, 2020 · 8 min read. In part 1 of this blog series, we introduced how you can break down and understand detections by security products. When analyzing…