SANS Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework
MITRE ATT&CK is a Confidence-Inspiring Tool for Assessing Gaps in Cyber Defense
One of the most exciting, useful, and needed efforts in recent years for information security is the MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) framework, a way to describe and categorize adversary behaviors based on real-world observations. The goal of ATT&CK is to be a living dataset that is continuously updated with new information as soon as it can be verified by the industry, thereby enabling security teams to trust the information to be complete. It eliminates the worry of missing the important “unknown unknowns”.
Using the key ideas and strategies presented in this whitepaper, you can steer your SOC team in a positive, objective direction informed by threat intelligence, arming cyber defenders and giving them a better chance of defeating unwanted attacks.
Key points of discussion:
- What is MITRE ATT&CK? Why is it important?
- The MITRE ATT&CK knowledge base
- Using MITRE ATT&CK to improve operations
- Keys to success
- Common challenges
- Tools and resources
Guide your SOC team on the road to long-term success by leveraging the ATT&CK framework.