MITRE ATT&CK is a publicly available, comprehensive knowledge base of adversary behaviour, organized as a matrix of tactics (the adversary's goals) and over 200 techniques (the ways those goals are achieved).
The MITRE ATT&CK framework outlines the techniques adversaries use over the course of an intrusion, from initial access through impact. Each technique is documented with its sub-techniques where they exist, procedure examples drawn from real intrusions, the data sources a defender needs in order to detect it, and mitigations, alongside background on well-known adversary groups, the software they use, and their campaigns.
The MITRE ATT&CK framework is widely used to assess an organization's security posture and, through the ATT&CK Evaluations, individual security vendors. Rather than scoring vendors on a single linear scale, an evaluation records which techniques of an emulated adversary each product detected and how, giving a more detailed view of capabilities, applicability, and use cases. Read more about the way MITRE uses ATT&CK to evaluate security vendors, and how threat hunting factors into the ATT&CK framework, on our blog.
The MITRE ATT&CK framework's use cases are of real value to defenders. Because it is comprehensive, ATT&CK lets an organization map its existing detections and log sources to techniques, identify which parts of its infrastructure lack defenses or visibility, prioritize those gaps against the techniques relevant adversaries actually use, and recognize attack patterns faster. Combining several of these use cases into a guide, we have released a white paper on how best to use the MITRE ATT&CK framework to build a closed-loop defense process.
This white paper shares five essential stages you should follow to implement a closed-loop, tactical security effort with MITRE ATT&CK™ that delivers consistent, measurable improvement in detection capabilities. Combining MITRE ATT&CK™ tactics, techniques, and procedures with profiles of advanced persistent threat groups and example adversary emulation plans, it gives you the background to build an effective, iterative defense.
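The gap analysis at the heart of the closed-loop process described above can be scripted. The following is an added example, not code from the white paper or from any product: it maps a constructed inventory of detection rules (hypothetical rule names) and the data sources an environment actually collects against a constructed emulation plan (an illustrative technique list, not any real group's profile), then classifies each planned technique as covered, blind (a rule exists but its telemetry is not collected, so it can never fire), or a gap (no rule at all). The ATT&CK technique IDs are real; the rule names, mappings, and collected data sources are assumptions made for the example.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """One detection rule and what it claims to cover (hypothetical rule names)."""
    name: str
    technique_ids: frozenset  # ATT&CK technique IDs, e.g. "T1059.001"
    data_sources: frozenset   # ATT&CK data source components the rule depends on


# Constructed sample rule inventory; names and mappings are illustrative, not any product's.
DETECTIONS = [
    Detection("Encoded PowerShell command line", frozenset({"T1059.001"}),
              frozenset({"Process: Process Creation"})),
    Detection("LSASS handle opened by non-system process", frozenset({"T1003.001"}),
              frozenset({"Process: OS API Execution"})),
    Detection("Scheduled task created via schtasks", frozenset({"T1053.005"}),
              frozenset({"Scheduled Job: Scheduled Job Creation"})),
]

# Constructed emulation plan: an illustrative technique list, not any real group's profile.
PLAN = {
    "T1566.001": "Phishing: Spearphishing Attachment",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1003.001": "OS Credential Dumping: LSASS Memory",
    "T1053.005": "Scheduled Task/Job: Scheduled Task",
    "T1021.002": "Remote Services: SMB/Windows Admin Shares",
    "T1047": "Windows Management Instrumentation",
}

# Data source components this (constructed) environment actually forwards to the SIEM.
# Note that OS API Execution telemetry is missing, so the LSASS rule is blind.
COLLECTED = frozenset({"Process: Process Creation", "Scheduled Job: Scheduled Job Creation"})


def parent(technique_id):
    """'T1059.001' -> 'T1059'; a parent-level ID is returned unchanged."""
    return technique_id.split(".", 1)[0]


def classify(plan, detections, collected):
    """Return {technique_id: 'covered' | 'blind' | 'gap'}.

    covered: some rule maps to the technique (or to its parent technique, which we
             treat as covering all of its sub-techniques) and every data source that
             rule needs is collected.
    blind:   rules exist on paper, but none has its telemetry collected.
    gap:     no rule maps to the technique at all.
    """
    status = {}
    for tid in plan:
        rules = [d for d in detections
                 if tid in d.technique_ids or parent(tid) in d.technique_ids]
        if not rules:
            status[tid] = "gap"
        elif any(d.data_sources <= collected for d in rules):
            status[tid] = "covered"
        else:
            status[tid] = "blind"
    return status


def summarize(status):
    """Counts per state; track these between iterations of the loop to show progress."""
    return {s: sum(1 for v in status.values() if v == s) for s in ("covered", "blind", "gap")}


def to_navigator_layer(status, name="Emulation plan coverage"):
    """Minimal ATT&CK Navigator layer dict (field names as in the layer format; add the
    'versions' block your Navigator build expects before importing it)."""
    color = {"covered": "#8ec843", "blind": "#ffe766", "gap": "#ff6666"}
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": tid, "color": color[s], "comment": s}
            for tid, s in sorted(status.items())
        ],
    }


if __name__ == "__main__":
    status = classify(PLAN, DETECTIONS, COLLECTED)
    for tid, s in sorted(status.items()):
        print(f"{tid:<10} {s:<8} {PLAN[tid]}")
    print(summarize(status))
    print(json.dumps(to_navigator_layer(status), indent=2))
```

The "blind" state is the one worth watching: a rule library that looks complete on paper still leaves a technique undetected if the log source it depends on is never collected, which is exactly the visibility gap the closed-loop process is meant to surface. Re-running the script after each emulation round, with the updated rule inventory and collected data sources, gives the per-state counts that show whether the loop is actually closing.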