MITRE ATT&CK Framework Definition

KZero Staff
Aug 08, 2023

The MITRE ATT&CK framework is a comprehensive and widely used knowledge base that provides detailed information about the tactics, techniques, and procedures commonly employed by cybercriminals during the various stages of a cyber attack. ATT&CK is actually an acronym for “Adversarial Tactics, Techniques, and Common Knowledge.”

Developed and maintained by MITRE Corporation, this framework helps organizations around the world understand and defend against ever-increasingly sophisticated cyber threats by providing a standardized and detailed reference of adversarial behaviors.

Key aspects of the MITRE ATT&CK framework include:

  • Organizing cyber attack behaviors into “tactics,” which represent high-level objectives of adversaries, such as initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and impact. Under each tactic, there are specific “techniques” that adversaries use to achieve those objectives.
  • Mapping known threat actors and their associated tools to the specific tactics and techniques they commonly leverage. This information allows organizations to identify potential bad actors and the tactics they are likely to use.
  • Offering real-world use cases and examples of how different attack techniques have been observed in actual attacks. This practical information aids security analysts in recognizing and responding to threats effectively.
  • Providing guidance on detection and defense mechanisms to help organizations identify and mitigate various attack techniques by offering insights into the potential data sources, security tools, and best practices to detect and prevent specific tactics and techniques.
  • The fact that it’s continuously updated and maintained by cybersecurity experts based on the latest threat intelligence and research. This ensures that the framework remains up-to-date and relevant to the ever-evolving threat landscape.
  • Being the home to the integration of many security tools and platforms, allowing organizations to use it as a reference to honestly assess their security hygiene, prioritize certain defensive measures, and optimize their incident response capabilities.

As a whole, the MITRE ATT&CK framework is a valuable resource for organizations to enhance their cybersecurity strategies, improve threat detection and response capabilities, and gain deeper insights into the techniques used by adversaries.

KZero Staff

Explore more insightful content from the knowledgeable KZero staff on our blog and guides section.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Interested In
Next-Gen MFA?

Discover Multi-Pass enterprise passwordless authentication

Share the page: