MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary tactics and techniques built from real-world observations of intrusions. Security professionals use it to model attacker behaviour, improve threat detection, and strengthen defences. The MITRE Corporation began developing the framework in 2013; it organises techniques into a matrix whose columns are tactics, covering the attack lifecycle from reconnaissance through to impact.
Key Aspects of MITRE ATT&CK
Tactics (the "why"): the adversary's tactical objective at a given stage, such as Initial Access, Lateral Movement, or Exfiltration. Each tactic has an ID of the form TA0001.
Techniques (the "how"): the specific methods attackers use to achieve a tactic, e.g. Phishing (T1566). Each technique has an ID of the form T1566.
Sub-techniques: more granular variants of a technique, e.g. Spearphishing Attachment (T1566.001) under Phishing. IDs take the form T1566.001.
Real-world application: red teams use it to plan adversary emulation, blue teams use it to map detections to the behaviours they cover, and both use it to show where coverage gaps remain.
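The "map security gaps" use above is usually done by tagging each detection rule with the technique or sub-technique IDs it covers and rolling that up to the tactic. The following is an added example, not code from MITRE or from this post: it validates ATT&CK-style IDs, rolls sub-technique coverage up to the parent technique, and lists the gaps per tactic. The catalogue is a hand-written, abridged excerpt of the Enterprise matrix (the real data is published by MITRE as STIX 2 JSON and should be loaded from there); the detection inventory and rule names are constructed for the example.

```python
"""Roll detection-rule mappings up to ATT&CK tactics to find coverage gaps."""
import re
from dataclasses import dataclass, field

# ATT&CK IDs: tactic TA0001, technique T1566, sub-technique T1566.001.
TECHNIQUE_ID = re.compile(r"^T(\d{4})(?:\.(\d{3}))?$")


@dataclass
class Technique:
    tid: str
    name: str
    tactic: str                                  # ID of the tactic it belongs to
    subs: dict = field(default_factory=dict)     # sub-technique ID -> name


# Hand-written, abridged excerpt of the Enterprise matrix (not the official STIX
# data; IDs taken from attack.mitre.org, verify against the current release).
TACTICS = {"TA0001": "Initial Access", "TA0008": "Lateral Movement",
           "TA0010": "Exfiltration"}
CATALOGUE = {
    "T1566": Technique("T1566", "Phishing", "TA0001",
                       {"T1566.001": "Spearphishing Attachment",
                        "T1566.002": "Spearphishing Link",
                        "T1566.003": "Spearphishing via Service"}),
    "T1021": Technique("T1021", "Remote Services", "TA0008",
                       {"T1021.001": "Remote Desktop Protocol",
                        "T1021.002": "SMB/Windows Admin Shares"}),
    "T1041": Technique("T1041", "Exfiltration Over C2 Channel", "TA0010"),
    "T1048": Technique("T1048", "Exfiltration Over Alternative Protocol", "TA0010"),
}

# Constructed detection inventory: a rule name plus the IDs it is mapped to.
DETECTIONS = [
    {"name": "mail-attachment-macro", "attack": ["T1566.001"]},
    {"name": "rdp-logon-from-workstation", "attack": ["T1021.001"]},
    {"name": "smb-admin-share-access", "attack": ["T1021.002"]},
    {"name": "dns-tunnel-volume", "attack": ["T1048"]},
]


def split_id(tid):
    """Validate an ATT&CK technique ID and return (parent_id, full_id)."""
    m = TECHNIQUE_ID.match(tid)
    if not m:
        raise ValueError(f"not an ATT&CK technique ID: {tid!r}")
    return f"T{m.group(1)}", tid


def coverage(catalogue, detections):
    """Return {technique_id: 'covered' | 'partial' | 'none'}.

    A technique is 'covered' if a rule maps to it directly or to all of its
    sub-techniques, 'partial' if only some sub-techniques have a rule.
    """
    mapped = set()
    for rule in detections:
        for tid in rule["attack"]:
            parent, full = split_id(tid)
            if parent not in catalogue:
                raise KeyError(f"{rule['name']}: {parent} not in catalogue")
            if full != parent and full not in catalogue[parent].subs:
                raise KeyError(f"{rule['name']}: {full} is not a sub-technique of {parent}")
            mapped.add(full)

    result = {}
    for tid, tech in catalogue.items():
        if tid in mapped or (tech.subs and all(s in mapped for s in tech.subs)):
            result[tid] = "covered"
        elif any(s in mapped for s in tech.subs):
            result[tid] = "partial"
        else:
            result[tid] = "none"
    return result


def gaps_by_tactic(catalogue, cov):
    """Group every technique that is not fully covered under its tactic ID."""
    gaps = {ta: [] for ta in TACTICS}
    for tid, status in cov.items():
        if status != "covered":
            gaps[catalogue[tid].tactic].append((tid, status))
    return gaps


if __name__ == "__main__":
    cov = coverage(CATALOGUE, DETECTIONS)
    for ta, items in gaps_by_tactic(CATALOGUE, cov).items():
        print(f"{ta} {TACTICS[ta]}: {items or 'no gaps'}")
```

With the constructed inventory, Lateral Movement comes out fully covered (both Remote Services sub-techniques have a rule), Initial Access is only partially covered (no rule for Spearphishing Link or Spearphishing via Service), and Exfiltration Over C2 Channel has no detection at all. The strict ID validation matters in practice: a typo such as T1566.01 silently drops out of most spreadsheet-based mappings and inflates the apparent coverage.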
The framework includes separate matrices for Enterprise, Mobile, and Industrial Control Systems (ICS). It is free to use and widely adopted because it describes attacker behaviour (tactics, techniques, and procedures) rather than only brittle indicators of compromise (IoCs) such as file hashes or IP addresses, which attackers can change at no cost. #threatmodeling frameworks