MITRE ATT&CK
Definition
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Why It Matters
The ATT&CK framework provides a common language and structure for describing and analyzing adversary behavior. It is an invaluable resource for security teams to understand how attacks work and to assess their own defensive posture against known TTPs (tactics, techniques, and procedures).
Contextual Example
A security team can use the ATT&CK framework to map their defenses. For each technique listed in the framework (e.g., "Credential Dumping"), they can assess whether they have the proper logging and detection capabilities in place to spot it.
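The mapping exercise described above, as an added example that is not part of the original page and not MITRE's own tooling: it reads a constructed, trimmed stand-in for the ATT&CK STIX bundle (the real bundle's "attack-pattern" objects carry the same field names but many more techniques and fields), joins it against a constructed detection-rule inventory and a set of log sources the team actually collects, and classifies each technique. The four statuses, the helper names, and the data-source strings are this example's own assumptions; the Navigator layer shape is assumed from the ATT&CK Navigator layer format rather than taken from this page. The example also distinguishes the case the page's "proper logging and detection" wording hints at: a rule whose required telemetry is not collected can never fire, so it is a gap, not coverage.

```python
"""Score ATT&CK detection coverage from a rule inventory and collected log sources."""
import json
from collections import defaultdict

# Constructed stand-in for ATT&CK "attack-pattern" STIX objects (IDs and names are
# real ATT&CK entries; data-source strings are illustrative and abbreviated).
ATTACK_BUNDLE = {"objects": [
    {"type": "attack-pattern", "name": "OS Credential Dumping",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
     "x_mitre_data_sources": ["Process: OS API Execution", "Command: Command Execution"]},
    {"type": "attack-pattern", "name": "Command and Scripting Interpreter",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
     "x_mitre_data_sources": ["Process: Process Creation", "Command: Command Execution"]},
    {"type": "attack-pattern", "name": "Valid Accounts",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": p} for p in
                           ("defense-evasion", "persistence", "privilege-escalation", "initial-access")],
     "x_mitre_data_sources": ["Logon Session: Logon Session Creation"]},
    {"type": "attack-pattern", "name": "Remote Services",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1021"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "lateral-movement"}],
     "x_mitre_data_sources": ["Network Traffic: Network Connection Creation",
                              "Logon Session: Logon Session Creation"]},
    {"type": "attack-pattern", "name": "Phishing",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
     "x_mitre_data_sources": ["Application Log: Application Log Content"]},
]}

# Constructed SIEM rule inventory: each rule claims one technique and needs one log source.
DETECTION_RULES = [
    {"rule": "LSASS memory access", "technique": "T1003", "log_source": "Process: OS API Execution"},
    {"rule": "Encoded PowerShell command line", "technique": "T1059", "log_source": "Process: Process Creation"},
    {"rule": "Interactive logon from new source", "technique": "T1021",
     "log_source": "Logon Session: Logon Session Creation"},
]
# Constructed set of log sources the team actually ships to the SIEM.
COLLECTED_LOG_SOURCES = {"Process: Process Creation", "Command: Command Execution",
                         "Logon Session: Logon Session Creation"}


def parse_techniques(bundle):
    """Return {technique_id: {name, tactics, data_sources}} from attack-pattern objects."""
    techniques = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked"):
            continue
        tid = next(r["external_id"] for r in obj["external_references"]
                   if r["source_name"] == "mitre-attack")
        techniques[tid] = {
            "name": obj["name"],
            "tactics": [p["phase_name"] for p in obj["kill_chain_phases"]
                        if p["kill_chain_name"] == "mitre-attack"],
            "data_sources": set(obj.get("x_mitre_data_sources", [])),
        }
    return techniques


def assess_coverage(techniques, rules, collected):
    """Classify each technique as detected, rule-without-telemetry, telemetry-only, or gap."""
    rules_by_tid = defaultdict(list)
    for rule in rules:
        rules_by_tid[rule["technique"]].append(rule)
    status = {}
    for tid, tech in techniques.items():
        live = [r for r in rules_by_tid[tid] if r["log_source"] in collected]
        if live:
            status[tid] = "detected"
        elif rules_by_tid[tid]:
            status[tid] = "rule-without-telemetry"  # rule exists but its log source is not collected
        elif tech["data_sources"] & collected:
            status[tid] = "telemetry-only"  # logs arrive, but no rule inspects them
        else:
            status[tid] = "gap"
    return status


def summarize_by_tactic(techniques, status):
    """Count statuses per tactic; a multi-tactic technique counts once in each tactic."""
    summary = defaultdict(lambda: defaultdict(int))
    for tid, st in status.items():
        for tactic in techniques[tid]["tactics"]:
            summary[tactic][st] += 1
    return {t: dict(c) for t, c in summary.items()}


SCORE = {"detected": 2, "telemetry-only": 1, "rule-without-telemetry": 1, "gap": 0}


def navigator_layer(status, name="Detection coverage"):
    """Build a minimal ATT&CK Navigator layer (shape assumed, not from the page)."""
    return {"name": name, "domain": "enterprise-attack",
            "techniques": [{"techniqueID": tid, "score": SCORE[st], "comment": st}
                           for tid, st in sorted(status.items())]}


if __name__ == "__main__":
    techs = parse_techniques(ATTACK_BUNDLE)
    result = assess_coverage(techs, DETECTION_RULES, COLLECTED_LOG_SOURCES)
    for tid, st in sorted(result.items()):
        print(f"{tid} {techs[tid]['name']:<35} {st}")
    print(json.dumps(summarize_by_tactic(techs, result), indent=1))
    print(json.dumps(navigator_layer(result)))
```

Against a real bundle, swap ATTACK_BUNDLE for the parsed enterprise-attack JSON and the rule list for an export from the SIEM; the per-tactic summary is what a team would review, since a tactic with only "telemetry-only" entries is a detection-engineering backlog, while "rule-without-telemetry" entries are the ones that look covered on paper but are not.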
Common Misunderstandings
- ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.
- It is not a piece of software, but a knowledge base and framework that is freely available to anyone.