MITRE ATT&CK is a public knowledge base of adversarial tactics and techniques, which can be used as a foundation for the development of specific cyber threat models and methodologies. In short, it helps the industry define and standardize how to describe an attacker’s approach. MITRE ATT&CK collects and categorizes common attack tactics, techniques, and procedures (TTPs), then organizes this information into a framework. This framework can be used to help explain how adversaries behave, what they are trying to do, and how they are trying to do it.
Having a common language and framework is important for communicating, understanding, and responding to threats as efficiently and effectively as possible. It also helps SOC/IR teams understand what coverage they have against various attack techniques. The framework is updated regularly with new techniques contributed by those in the cybersecurity industry, including Trend Micro. To date, the MITRE ATT&CK evaluations have focused on the Enterprise matrix for Windows systems; however, there are multiple framework matrices:
- Enterprise (Microsoft® Windows®, macOS®, Linux®)
- Cloud (Microsoft® 365®, AWS, Microsoft® Azure™, Google Cloud Platform™, Software as a Service (SaaS))
- Mobile (Android™, iOS)
- Industrial control systems (ICS)
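The coverage question raised above (which tactics a SOC/IR team can and cannot detect) is usually answered by joining the team's detection inventory against the ATT&CK data itself. The following is an added example, not code from the page or from MITRE; it parses a constructed, heavily trimmed bundle in the shape of the public ATT&CK STIX data (`attack-pattern` objects carrying `kill_chain_phases` and a `mitre-attack` external reference), skips revoked or deprecated entries so they do not inflate the totals, and reports covered techniques and gaps per tactic. The technique IDs and names are real ATT&CK entries except `T0000`, a constructed stand-in for a revoked object; `DETECTED_TECHNIQUES` is a placeholder for a team's own detection list.

```python
"""Per-tactic ATT&CK detection coverage from a STIX-style bundle (added example)."""
from collections import defaultdict


def _technique(name, ext_id, *tactics, **extra):
    # Helper that builds one attack-pattern object in the ATT&CK STIX shape.
    obj = {
        "type": "attack-pattern",
        "name": name,
        "kill_chain_phases": [
            {"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics
        ],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": ext_id}
        ],
    }
    obj.update(extra)
    return obj


# Constructed sample bundle: a handful of real Enterprise techniques plus one
# constructed revoked entry (T0000) to show that revoked objects are ignored.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        _technique("Phishing", "T1566", "initial-access"),
        _technique("Valid Accounts", "T1078", "defense-evasion", "persistence",
                   "privilege-escalation", "initial-access"),
        _technique("Command and Scripting Interpreter", "T1059", "execution"),
        _technique("Scheduled Task/Job", "T1053", "execution", "persistence",
                   "privilege-escalation"),
        _technique("OS Credential Dumping", "T1003", "credential-access"),
        _technique("Application Layer Protocol", "T1071", "command-and-control"),
        _technique("Constructed revoked entry", "T0000", "execution", revoked=True),
        {"type": "x-mitre-tactic", "name": "Execution"},  # non-technique object
    ],
}

# Placeholder for the SOC's own inventory of techniques with a working detection.
DETECTED_TECHNIQUES = {"T1059", "T1566", "T1053"}


def technique_index(bundle):
    """Return {technique_id: (name, [tactic phase names])} for live techniques.

    Revoked (`revoked`) and deprecated (`x_mitre_deprecated`) objects stay in the
    ATT&CK data for history; counting them would overstate the denominator.
    """
    index = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        ext_id = next((r["external_id"] for r in obj.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if ext_id is None:
            continue
        tactics = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"]
        index[ext_id] = (obj.get("name", ""), tactics)
    return index


def techniques_by_tactic(bundle):
    """Invert the index: {tactic: {technique ids}}; multi-tactic techniques appear under each."""
    by_tactic = defaultdict(set)
    for tid, (_, tactics) in technique_index(bundle).items():
        for tactic in tactics:
            by_tactic[tactic].add(tid)
    return dict(by_tactic)


def coverage_report(bundle, detected_ids):
    """Return {tactic: {"covered": n, "total": n, "gaps": [ids]}} for the detection list."""
    detected = set(detected_ids)
    report = {}
    for tactic, ids in techniques_by_tactic(bundle).items():
        covered = ids & detected
        report[tactic] = {"covered": len(covered), "total": len(ids),
                          "gaps": sorted(ids - covered)}
    return report


if __name__ == "__main__":
    for tactic, row in sorted(coverage_report(SAMPLE_BUNDLE, DETECTED_TECHNIQUES).items()):
        gaps = ", ".join(row["gaps"]) or "-"
        print(f"{tactic:<22} {row['covered']}/{row['total']}  gaps: {gaps}")
```

Against the real dataset the same functions apply unchanged to the `enterprise-attack.json` bundle MITRE publishes; the only caveat worth keeping is the revoked/deprecated filter, since the public bundle carries those objects alongside live ones.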