Page 118 - Cyber Defense eMagazine for September 2020
Mapping Automation to the MITRE ATT&CK Framework
By Chris Calvert, vice president, product strategy, and co-founder, Respond Software
As major enterprises race to digitize their IT and line-of-business infrastructures, cybersecurity has become an imperative from both a business and a regulatory perspective. Yet these same forces of digitization and the rise of software have multiplied the points of access through which malicious actors can reach sensitive information.
To remedy these challenges, the MITRE Corporation, a global technology standards non-profit, developed the MITRE ATT&CK knowledge base. Its objective was to give cybersecurity professionals a way to systematically categorize and mitigate adversary behavior.
With the vast assortment of tactics and techniques being used by attackers, the MITRE ATT&CK framework provides a way to catalog these methods and understand them. The framework itself, as a result, is large and complex, describing more than 500 activities, which can make it tricky to navigate. How can organizations defend against all of these activities at all times? The answer lies in aligning automation with the MITRE ATT&CK framework.
Understanding the MITRE ATT&CK framework
The ATT&CK framework offers security teams detailed and highly specific information on how enterprise IT environments can be compromised and provides actionable insights into attacker behavior. Red teams or pen testers can emulate all of the attack scenarios discussed in the ATT&CK framework. The framework helps security analysts understand the “how” and “why” of particular malicious activities by focusing on attackers’ actions. The ultimate goal of the framework is to provide a comprehensive overview
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.