For those who might be new to the MITRE ATT&CK Framework, let’s briefly examine what MITRE ATT&CK and its framework are so you can have a better understanding of how you might leverage it.
“MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” – MITRE ATT&CK: Design and Philosophy Abstract July 2018
So, what does this mean in layman’s terms? If you’re looking at MITRE ATT&CK wondering why it might be important, MITRE ATT&CK is essentially a knowledge base of the threats, tactics, and behaviors used by cyber threat actors to compromise, exploit, or expose the data of companies, organizations, and businesses. In addition to cataloguing the threats, tactics, and behaviors, the Framework also provides mitigations for each attack method, drawing on input from a range of sources in both the government and private sectors.
The MITRE Corporation, a non-profit which, among its many roles, also maintains the Common Vulnerabilities and Exposures (CVE) system, developed the “ATT&CK Framework” in 2013. Since that time, the MITRE ATT&CK Framework has been a living, growing document. ATT&CK is an acronym for Adversarial Tactics, Techniques, and Common Knowledge.
The Framework has made it easier for cybersecurity professionals to understand and counteract adversaries by exposing the tactics, techniques, and methods attackers use. In addition, the Framework presents the ATT&CK Matrix in a visual format similar to the periodic table used in chemistry. This makes it easy to see the relationships between tactics, techniques, and sub-techniques. When you dive into the details of a technique, you can see the affected operating systems, procedure examples, detections, and mitigations.
Adapting to COVID-19 and the Shifting Landscape of Cyberthreats
As a result of COVID-19 and the recommended, or mandated, stay-at-home and social distancing policies implemented across the world, companies and their employees have been forced to work remotely, which usually means working from home. Some organizations were more prepared for this abrupt, mass shift to telecommuting than others, but few have had the time to perfect it. This new work environment has created several significant opportunities for cybercriminals to use remote access threat vectors to exploit vulnerabilities and security gaps.
With this in mind, the BeyondTrust team refreshed our white paper on MITRE ATT&CK and how our Privileged Access Management (PAM) solutions fit into the framework. We took all three PAM pillars, Privileged Password Management, Endpoint Privilege Management, and Secure Remote Access, and applied them to the MITRE ATT&CK Tactics, Techniques, and Mitigations so customers and potential customers can better understand how our PAM platform aligns with the MITRE ATT&CK Framework. After all, the famous cliché in any cybersecurity organization is: it’s not a matter of “if” we get compromised, it’s “when!”
With this white paper, Mapping BeyondTrust Solutions into the MITRE ATT&CK Navigator, you can clearly see how our PAM platform aligns with the MITRE ATT&CK framework in detecting, alerting on, and preventing each technique across the entire MITRE ATT&CK Matrix. As we all know, each organization is unique in its priorities for mitigating cybersecurity risk, so when an organization evaluates a vendor and has placed a higher priority on prevention than on detection, it can easily see where the products and solutions align.
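The kind of mapping described above can be expressed as an ATT&CK Navigator layer so that coverage is visible directly on the matrix. The following is an added example, not BeyondTrust’s own mapping or the white paper’s content: the technique-to-capability table is a constructed sample, the prevent/alert/detect weighting is an assumption, and the version strings are assumed values for the Navigator layer format.

```python
import json

# Constructed sample mapping (not a vendor's published mapping): ATT&CK technique ID ->
# the control capabilities that apply to it. IDs are public Enterprise ATT&CK IDs.
COVERAGE = {
    "T1078": {"prevent", "detect", "alert"},  # Valid Accounts
    "T1021": {"prevent", "detect"},           # Remote Services
    "T1110": {"detect", "alert"},             # Brute Force
    "T1068": {"detect"},                      # Exploitation for Privilege Escalation
}

# Assumed weighting: prevention outranks alerting, which outranks passive detection.
SCORES = {"prevent": 3, "alert": 2, "detect": 1}


def coverage_score(capabilities):
    """Score a technique by its strongest capability (0 when nothing applies)."""
    return max((SCORES[c] for c in capabilities), default=0)


def coverage_gaps(coverage, required="prevent"):
    """Techniques that lack the capability an organization has prioritized."""
    return sorted(tid for tid, caps in coverage.items() if required not in caps)


def build_layer(name, coverage, domain="enterprise-attack"):
    """Build a Navigator layer dict; one entry per technique, scored and annotated."""
    techniques = [
        {"techniqueID": tid, "score": coverage_score(caps), "comment": ", ".join(sorted(caps))}
        for tid, caps in sorted(coverage.items())
    ]
    return {
        "name": name,
        "versions": {"attack": "8", "navigator": "4.0", "layer": "4.0"},  # assumed versions
        "domain": domain,
        "description": "Control coverage by technique (constructed sample data)",
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 3},
        "legendItems": [{"label": k, "color": "#ff6666"} for k in SCORES],
        "techniques": techniques,
    }


def layer_json(name, coverage):
    """Serialize the layer for upload into the ATT&CK Navigator."""
    return json.dumps(build_layer(name, coverage), indent=2)


if __name__ == "__main__":
    print(layer_json("PAM coverage (sample)", COVERAGE))
    print("No prevention for:", coverage_gaps(COVERAGE))
```

Uploading the resulting JSON into the Navigator colors each listed technique by score, so a prevention-first organization can immediately spot techniques that are only detected.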
The beauty of the MITRE ATT&CK Framework is that it is constantly evolving and growing; it’s not a static matrix. As new threat techniques and tactics are used and discovered, the framework will continue to develop, giving public and private organizations, solution providers, and the cyber community a relevant and resourceful point of reference for understanding attackers and their techniques.