Cybersecurity practitioners have often borrowed from other domains, drawing on their insights and adopting their maxims and terminology. Sun Tzu famously wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Carl Linnaeus is credited with developing the standard taxonomy for naming organisms. Only recently, however, has our industry begun to apply a synthesis of such ideas effectively. The MITRE ATT&CK Framework, publicly released in 2015, has been growing in scope and influence, but it is not the first of its kind. How does it compare with its predecessors in improving our understanding of adversary behavior and our defenses? This talk describes the key concepts and goals of MITRE ATT&CK to help support successful implementations.
Understand the origins, design goals and components of the MITRE ATT&CK Framework.
Compare and contrast the MITRE ATT&CK Framework with other frameworks in order to judge appropriateness for and applicability to an organization's security programs.
Use the MITRE ATT&CK Framework to correlate between offensive actions and defensive capabilities and measure coverage of ATT&CK techniques.