MITRE ATT&CK™ Solutions Update and Evolution: Exploring Advanced Applications of ATT&CK

Date: July 15, 2020

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is advancing as the go-to model for understanding known cyber adversary behavior.

How TrustedSec Helps Organizations With ATT&CK

Today, TrustedSec uses the ATT&CK framework to help organizations prioritize security program initiatives and spend by clearly illustrating existing gaps in attack tactic and technique coverage, highlighting potential tool redundancies, and ensuring the full security tool inventory stack is appropriate for an organization’s size and industry. Additionally, TrustedSec looks at how effective security teams are at deploying, managing, and supporting their existing tools, associated logs, and the log aggregation platforms within their ecosystem.

What Gaps Does ATT&CK Help to Address?

There are many challenges with building an appropriate-sized and balanced security program. New technologies and features, staffing and skills, threat intelligence and identification, and testing the efficacy of existing controls all contribute to the complexity of efficiently assessing which investments are the best fit for an environment. With the current landscape driving tough choices about security spend, TrustedSec is using ATT&CK to help:

  • Enhance internal knowledge of attacker techniques
  • Mitigate weaknesses in defensive posture
  • Visualize how changes to the security environment will impact an organization’s ability to respond to attacks
  • Strategically focus defensive capabilities on specific attacker objectives
  • Take advantage of strategic, financial, and operational improvement opportunities
  • Self-assess effectiveness in support of strategic planning, budget development, operational scheduling, and tool evaluations
  • Enhance red team and blue team collaboration
  • Align and prioritize alerting
  • Discover meaningful trends in tactics by industry

Updates, Automations, and Shortcomings

The MITRE team is continually updating the framework, and this webinar will discuss a major change that is currently in Beta. It will also cover how TrustedSec has automated many components of the coverage and effectiveness assessments. Lastly, while the ATT&CK framework is great for gauging an organization’s ability to detect and potentially prevent specific attack techniques, it does have limitations. This webinar will review those limitations and speak to how TrustedSec is building additional value by looking at pre- and post-attack activities and tools, blending these results with the results of the ATT&CK framework’s coverage and effectiveness capabilities.

Discover the Steps TrustedSec Has Taken to Provide More Value.

Join TrustedSec to discuss how your organization is making better use of the ATT&CK framework, hear from some of the leading experts on incorporating it into security planning, and learn how TrustedSec is helping organizations reduce tools, improve detection and response, and make the most out of their security budget!