— This is a Health-ISAC Navigator whitepaper by AttackIQ —
MITRE ATT&CK® For Dummies
Transform your security program with the MITRE ATT&CK framework.
How can you ensure that your cybersecurity capabilities defend your organization as best they can? After decades and billions of dollars spent on the people, processes, and technology of cybersecurity, this question still haunts security leaders. Intruders break past, security controls falter, and defenses fail against even basic cyberattack techniques. What should be done? Instead of trying to close every vulnerability, meet every standard, or buy the “best” technology, security teams can change the game by focusing their defenses on known threats.
The way to begin is with MITRE ATT&CK.
What is ATT&CK? It is a framework of known adversary tactics, techniques and common knowledge (A. T. T. C. K.), a kind of periodic table that lists and organizes malicious actor behavior in an accessible, user-friendly format. You can click on adversary tactics within the “Navigator” that the MITRE Corporation has built to examine specific behaviors.
But ATT&CK is not just a framework to understand adversary behavior: it is a tool for improving security effectiveness. How and why? For years in cybersecurity, defenders lacked a common vision of the threat landscape. In the private sector, cyberthreat intelligence was often based on after-the-fact forensic data, leaving defenders uncertain about the adversary’s future approach. Further, detailed knowledge of adversary tactics was often limited to classified government environments. Lacking a common lexicon for discussing adversary behaviors across the community, defenders fumbled in the dark to achieve security effectiveness.
With the birth of the MITRE ATT&CK framework in 2015, this era of strategic ambiguity came to an end. ATT&CK gives the cybersecurity community a single, easy-to-access repository of adversary behavior to set a baseline against which they can prepare their cyberdefenses. It forms the basis of a threat-informed defense strategy, a transformational approach to security; with the knowledge ATT&CK provides, teams can shift from an ad hoc approach of meeting cybersecurity regulations to countering known, dangerous threats.
To learn how to use MITRE ATT&CK to improve your cybersecurity effectiveness, download this easy-to-read Dummies’ guide. It will help you improve your security effectiveness, strengthen your cybersecurity program, and maximize your resources. Plus, it’s free. You can use this guide to train your teams, transition from a manual approach to threat intelligence, and guide your entire security team with a unified threat framework. Once you learn ATT&CK, you can then deploy an automated breach and attack simulation platform to test your security controls and generate real performance data to improve your security program at scale.
H-ISAC is all about increasing cyber resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website.