MITRE ATT&CK™ Framework

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is an open and transparent methodology that can be used to evaluate security vendors’ capabilities.

It is a knowledge base and complex framework of more than 200 techniques that adversaries may use over the course of an attack. These include specific and general techniques, as well as concepts and background information on well-known adversary groups and their campaigns. Since its inception in 2015, ATT&CK has become one of the most respected and most referenced resources in cybersecurity. 

Read more about the way MITRE uses ATT&CK to evaluate security vendors, and how threat hunting factors into the ATT&CK framework on our blog.

One of the most valuable things MITRE ATT&CK has given the cybersecurity industry is a common language and framework to discuss and analyze an attacker’s tactics, techniques, and procedures (TTPs).

An exciting component of MITRE ATT&CK is its ATT&CK-based product evaluations, which use the ATT&CK framework to give insight into how security vendors approach threat detection.

Last year, the MITRE ATT&CK team evaluated several security vendors and reported, without scores, rankings, or comparisons, on how effectively they identify the techniques used by APT3 threat actors.

Defensive teams – whether tactical, strategic or operational – can put this information to practical use, for example to create prevention and detection rules or to guide architectural and policy decisions that protect an organization.

Round 2 Evaluations


On May 13th at 11:00 am EDT, Cybereason CISO Israel Barak will boil down the complexity of the MITRE ATT&CK framework to help you develop a more effective and scalable strategy to secure your organization.


The MITRE ATT&CK framework use cases are of true value to defenders. Due to its comprehensive nature, MITRE ATT&CK is uniquely positioned to be a framework for organizations to identify what parts of their infrastructure are lacking defenses and visibility in order to cut down on attacks and see patterns faster. Combining several of the MITRE ATT&CK use cases into a guide, we have released a white paper on how best to use the MITRE ATT&CK framework to build a closed-loop defense process.

This white paper shares five essential stages you should follow to implement a closed-loop, tactical security effort with MITRE ATT&CK™ that delivers consistent, real improvement in detection capabilities. Combining MITRE ATT&CK™ techniques, tactics, and procedures with advanced persistent threat groups and example adversary emulation plans, this white paper gives you the background to build an effective, iterative defense.
