MITRE ATT&CK Framework 101: Protecting Your Business Against Attacks
By: Michael Dunlop
Cyber attacks are causing increased disruption every year, and organizations are realizing that they cannot stand idly by while this trend takes over.
Battling the wave of data breaches requires an understanding of what strategies attackers are using; if we can think like them, we can predict their next moves and do a better job of detecting hacks.
Enter the MITRE ATT&CK framework, which promises to give businesses a blueprint for cyber security going forward. Let’s look at what it is, what it does, and why it matters today.
The lowdown on the ATT&CK framework
Each attack has its own unique lifecycle, which makes things complicated from a security perspective.
However, the ATT&CK framework gives businesses a way of looking at the tactics and techniques their adversaries will use, including those that they might switch to if one avenue of exploitation is detected and nipped in the bud mid-breach.
Within the framework, tactics are the adversary's short-term objectives while an attack is in progress: the reason behind a given action.
Techniques describe how the adversary goes about achieving those objectives, and this is where both attackers and defenders have room to adapt.
The framework comes in several forms covering the common enterprise operating environments: desktop and server systems, whether running on-premises or in the cloud, as well as mobile operating systems.
The application of the ATT&CK framework to your own security challenges
In order to use the framework to benefit your business and protect your resources, you need to know the specific ways in which it can be applied.
First and foremost, you will probably want to see how your current security measures fare when subjected to the scrutiny of the framework’s adversarial tactics.
It gives you the most realistic way to emulate how adversaries would behave in the event of an attack, and so you can seek out weak spots in a controlled manner and repair vulnerabilities before they are exploited for real.
Next, you can take the behavioral side of the framework and leverage this data to update your own monitoring efforts. To detect suspicious activity on your network and devices, you have to know what to look out for, which is what the ATT&CK framework lets you do.
Another excellent application of the framework is in the context of procurement. It gives you a basis for assessing any security tools or products you are considering purchasing, so you don’t just have to rely on the hype from the vendor or the recommendations of others.
You can even investigate which elements of your enterprise are underserved by the security solutions you have established. It could be that particular assets, departments, or teams are either not well protected or that you simply don’t have the visibility to determine this.
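To make the monitoring and gap-analysis ideas above concrete, here is a small coverage check, added as an example and not taken from the article or from MITRE. It assumes a constructed slice of the Enterprise matrix (the tactic and technique IDs are real, but only a handful are included) and a hypothetical list of detection rules, each tagged with the technique it is meant to catch; tactics with no rule behind any of their techniques are reported as blind spots.

```python
# Added example (not from the original article): ATT&CK coverage gap check.
# MATRIX is a constructed subset of the Enterprise matrix, tactic -> techniques.
MATRIX = {
    "TA0001 Initial Access":    {"T1566": "Phishing", "T1078": "Valid Accounts"},
    "TA0002 Execution":         {"T1059": "Command and Scripting Interpreter"},
    "TA0003 Persistence":       {"T1053": "Scheduled Task/Job", "T1078": "Valid Accounts"},
    "TA0006 Credential Access": {"T1003": "OS Credential Dumping"},
    "TA0008 Lateral Movement":  {"T1021": "Remote Services"},
    "TA0040 Impact":            {"T1486": "Data Encrypted for Impact"},
}

# Hypothetical detection rules, each tagged with the technique it detects.
RULES = [
    {"name": "mail-attachment-macro", "technique": "T1566"},
    {"name": "suspicious-powershell", "technique": "T1059"},
    {"name": "lsass-handle-open",     "technique": "T1003"},
]


def coverage(matrix, rules):
    """Return {tactic: (covered_ids, uncovered_ids)} for every tactic."""
    detected = {r["technique"] for r in rules}
    report = {}
    for tactic, techniques in matrix.items():
        covered = sorted(t for t in techniques if t in detected)
        uncovered = sorted(t for t in techniques if t not in detected)
        report[tactic] = (covered, uncovered)
    return report


def uncovered_tactics(matrix, rules):
    """Tactics where no rule covers any technique: the monitoring blind spots."""
    return sorted(t for t, (cov, _) in coverage(matrix, rules).items() if not cov)


if __name__ == "__main__":
    for tactic, (cov, unc) in coverage(MATRIX, RULES).items():
        print(f"{tactic}: covered={cov} uncovered={unc}")
    print("blind spots:", uncovered_tactics(MATRIX, RULES))
```

Replacing MATRIX with the full matrix (for example, parsed from MITRE's published STIX data) and RULES with your SIEM's rule metadata turns this into a first-pass coverage heat map of the kind the framework is meant to support.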
The futureproof nature of the ATT&CK framework
This isn’t just about detecting and defeating the attacks which are occurring right now, but about preparing your business for the unending, ever-changing barrage of threats that will persist for as long as there is value to be gained from launching cyber attacks.
The knowledge base represented by the framework is always being updated with information and analysis on the latest tactics and strategies of cybercriminals. This enables forward-thinking firms to stay one step ahead of the malicious forces that would seek to subvert them.
There are costs and complexities involved in keeping up with the cyber security arms race, of that there is no doubt. However, this framework takes some of the strain and will remain relevant for years to come.