MITRE ATT&CK is a phenomenal, free, global knowledge base produced by MITRE, a US Government research organisation, that maps the tactics and techniques threat actors use to launch cyber attacks against targets. The ATT&CK framework (which stands for Adversarial Tactics, Techniques, and Common Knowledge) began its life in 2013 and now incorporates a vast array of Tactics, Techniques and Procedures (TTPs).
As Sun Tzu famously wrote in The Art of War, ‘Know your enemy …’ – this is about understanding how cyber adversaries operate and what tactics and techniques they use when conducting reconnaissance on a target and launching an attack, with the aim of disrupting their activity by making an attack too complex or too costly for the attacker to pursue.
MITRE ATT&CK Navigator
The MITRE ATT&CK Navigator is used to map and filter adversary TTPs in order to understand the phases and techniques used at different stages of an attack by the adversary.
Understanding what adversarial TTPs could succeed in your environment
Ideally, offensive security teams will want to determine which adversarial TTPs could be successful in their corporate environments. Mapping where security gaps or misconfigurations might exist against MITRE ATT&CK TTPs could significantly improve the way that organisations are able to protect themselves against some of the most formidable cyber adversaries.
However, putting this into practice remains largely out of reach for many companies. Few companies have the resources and budgets available to conduct offensive security testing to test adversarial TTPs effectively.
Simulating adversarial attack methods
Simulating cyber attack methods has emerged in recent years as a cost-effective and viable alternative to costly and inefficient human-only offensive security testing.
Using the SafeBreach automated Breach & Attack Simulation platform, we can safely and continuously simulate MITRE ATT&CK TTPs economically and without any danger of network disruption.
SafeBreach’s MITRE live ATT&CK Navigator view for showing how security controls have fared at key stages of the attack lifecycle:
Simulating specific threat actor TTPs
Specific threat actor TTPs can also be simulated with ease in the SafeBreach platform, allowing for much more efficient and cost-effective Red Team testing of attack scenarios.
Register for our webinar
If you are looking at ways in which your team might be able to use and adopt the MITRE ATT&CK framework, why not register for our webinar on 23 April 2020? In it, we will show how combining Automated Breach and Attack Simulation with MITRE ATT&CK will provide a deeper and more realistic view of how well prepared your security controls are to face common attacker TTPs.