
Strengthen your cybersecurity defenses with the MITRE ATT&CK Framework

So far in this cybersecurity framework series, we’ve covered NIST CSF and ITSG-33 frameworks and CIS Controls as options for organizations to secure their IT environment. In this blog, we’ll peek behind the enemy lines of cyber crime by exploring the MITRE ATT&CK framework.

The MITRE Corp., a not-for-profit organization, manages federally funded research and development centers that support various U.S. agencies in the defense, healthcare, aviation, and cybersecurity sectors. As part of a research project back in 2013, MITRE began to document the common tactics, techniques, and procedures (TTPs) that adversaries use once inside Windows enterprise networks, with the goal of detecting that post-compromise behaviour rather than the initial exploit alone. The organization turned this research into a security framework for detecting possible threats. They named this framework ATT&CK, which stands for Adversarial Tactics, Techniques, & Common Knowledge, and released it to the public in 2015.

The MITRE ATT&CK framework has expanded since then to document TTPs used against macOS, Linux, mobile operating systems, network infrastructure devices, cloud systems, and other enterprise IT technologies. By cataloging the tactics and techniques that adversaries use to gain and keep unauthorized access, the ATT&CK framework helps cybersecurity teams detect and defend against potential threats. Here's how it works.


Unraveling the ATT&CK Framework

The MITRE ATT&CK framework is a global knowledge base of adversary behaviour built from real-world observations. It is organized as a matrix: each column is a tactic (the adversary's goal at that stage, such as Initial Access or Persistence) and each cell under it is a technique (how that goal is achieved), with profiles of known threat groups and of the software they use cross-referenced to those techniques. Think of it as the playbook a cyber adversary would use to hack into your system or device. Like having access to your opponent's playbook in a football game, the framework can help your organization focus its defensive strategy by predicting the offensive moves the other team is plotting against you.

For example, imagine you run a small non-profit organization that supports human rights and has limited IT resources dedicated to cybersecurity. If you search the ATT&CK framework for adversaries that target organizations like yours, you'll find the threat group APT18, whose profile lists human rights groups among its targets. As you review the techniques attributed to APT18, you'll see that one of them is External Remote Services (T1133): logging into externally facing services such as VPNs or Citrix servers, typically with legitimate stolen credentials, to gain access to the internal network.

Armed with this knowledge of your adversary's tactics, you can now focus your limited IT resources on the mitigations ATT&CK lists for that technique, such as requiring multi-factor authentication on remote service gateways, limiting which accounts and networks can reach them, and disabling remote services that are not needed. The same pages are a handy tool for corporate cybersecurity "red teams", who use the documented techniques to build real-world inspired adversary emulations and test the organization's defenses. In response, "blue teams" can use these scenarios to verify their threat detection capabilities and bolster their defenses over time.


MITRE ATT&CK Framework Use Cases

Whether your IT team is novice, intermediate, or advanced, the ATT&CK framework can be a valuable tool to grow and mature your enterprise cybersecurity program. Best of all, the framework is open and available for any organization to use at no charge.

Here are a few ways your IT team can use the framework to strengthen your cybersecurity posture:

  • Design more realistic adversary emulations and red team scenarios.
  • Conduct a security gap analysis to identify the techniques for which you have no detection or mitigation in place.
  • Determine areas of improvement in your defensive detection capabilities.
  • Assess the overall maturity of your cybersecurity program.
  • Bolster your threat intelligence by understanding real-world adversaries.
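The two uses above that are easiest to automate are the APT18-style lookup (which techniques does a given group use?) and the detection gap analysis (which of those techniques am I blind to?). The following is an added example written for this post; it is not MITRE's code and not a tool the post describes. MITRE publishes the ATT&CK knowledge base as STIX 2.x JSON, in which groups are `intrusion-set` objects, techniques are `attack-pattern` objects, and `relationship` objects of type `uses` link the two; the bundle below is a small, hand-constructed subset in that shape. The technique IDs and names are real ATT&CK identifiers, but the object IDs are placeholders and the group-to-technique links are illustrative, not a copy of the real APT18 entry. The set of "covered" techniques is likewise an assumed input you would replace with your own detection inventory.

```python
from collections import defaultdict

# Constructed sample bundle shaped like the public ATT&CK STIX data.
# Object IDs are placeholders; the 'uses' links are illustrative only.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "intrusion-set", "id": "intrusion-set--0001", "name": "APT18",
         "external_references": [{"source_name": "mitre-attack", "external_id": "G0026"}]},
        {"type": "attack-pattern", "id": "attack-pattern--0001", "name": "External Remote Services",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1133"}]},
        {"type": "attack-pattern", "id": "attack-pattern--0002", "name": "Valid Accounts",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}]},
        {"type": "attack-pattern", "id": "attack-pattern--0003", "name": "Scheduled Task/Job",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1053"}]},
        {"type": "attack-pattern", "id": "attack-pattern--0004", "name": "Ingress Tool Transfer",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "command-and-control"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1105"}]},
        # Not linked to the group below; shows that unrelated techniques are excluded.
        {"type": "attack-pattern", "id": "attack-pattern--0005", "name": "Phishing",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
        # A revoked object, as the real bundle contains; it must be ignored.
        {"type": "attack-pattern", "id": "attack-pattern--0006", "name": "Old Technique", "revoked": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}]},
        {"type": "relationship", "id": "relationship--0001", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0001"},
        {"type": "relationship", "id": "relationship--0002", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0002"},
        {"type": "relationship", "id": "relationship--0003", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0003"},
        {"type": "relationship", "id": "relationship--0004", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0004"},
        {"type": "relationship", "id": "relationship--0005", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0006"},
    ],
}


def is_live(obj):
    """Skip revoked or deprecated objects; the real bundle keeps them for history."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def attack_id(obj):
    """Return the ATT&CK external ID (T1133, G0026, ...) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def tactics_of(technique):
    """Tactic phase names a technique belongs to (the matrix columns it sits under)."""
    return [p["phase_name"] for p in technique.get("kill_chain_phases", [])
            if p.get("kill_chain_name") == "mitre-attack"]


def techniques_used_by(bundle, group_name):
    """Map technique ID -> (name, tactics) for every technique the named group 'uses'."""
    objects = [o for o in bundle["objects"] if is_live(o)]
    by_id = {o["id"]: o for o in objects}
    groups = [o for o in objects if o["type"] == "intrusion-set" and o["name"] == group_name]
    if not groups:
        raise KeyError(f"group not found: {group_name}")
    group_id = groups[0]["id"]
    used = {}
    for rel in objects:
        if rel["type"] != "relationship" or rel.get("relationship_type") != "uses":
            continue
        if rel["source_ref"] != group_id:
            continue
        tech = by_id.get(rel["target_ref"])  # None if the target was revoked
        if tech and tech["type"] == "attack-pattern":
            used[attack_id(tech)] = (tech["name"], tactics_of(tech))
    return used


def coverage_gaps(bundle, group_name, covered):
    """Techniques the group uses that are absent from `covered`, grouped by tactic."""
    gaps = defaultdict(list)
    for tid, (_name, tactics) in techniques_used_by(bundle, group_name).items():
        if tid in covered:
            continue
        for tactic in tactics:
            gaps[tactic].append(tid)
    return {tactic: sorted(ids) for tactic, ids in sorted(gaps.items())}


if __name__ == "__main__":
    # Assumed detection inventory: rules already exist for these technique IDs.
    covered = {"T1105", "T1053"}
    for tid, (name, tactics) in sorted(techniques_used_by(SAMPLE_BUNDLE, "APT18").items()):
        print(f"{tid} {name}: {', '.join(tactics)}")
    for tactic, ids in coverage_gaps(SAMPLE_BUNDLE, "APT18", covered).items():
        print(f"gap in {tactic}: {', '.join(ids)}")
```

Against the real bundle, the same three functions work unchanged; the only differences are scale (thousands of objects) and the need to filter the `revoked` and `x_mitre_deprecated` entries, which the sample already does. Grouping the uncovered techniques by tactic is what turns the list into a prioritization: a gap under Initial Access, such as T1133 here, is the one to close first because it is the adversary's way in.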

Wherever you are in your cybersecurity journey, the MITRE ATT&CK framework can give you a glance behind enemy lines to help your company anticipate the offensive strategy of cybercriminals and strengthen its defenses against known threats and common tactics.

Contact OnX Canada for help developing your cybersecurity defense to protect your business better.