
The benefits of MITRE ATT&CK mapping in a Security Operations Centre (SOC) cannot be ignored. For those who do not know MITRE, let me introduce it. MITRE, a not-for-profit organization, was founded in 1958 in the United States, with a primary focus on research and development. MITRE is also well known for its contributions in developing the Common Vulnerabilities and Exposures (CVE) system and the Common Weakness Enumeration (CWE) system, both widely used cybersecurity standards.

MITRE introduced ATT&CK, which stands for Adversarial Tactics, Techniques and Common Knowledge, in 2013 as a framework for grouping and describing the tactics, techniques and procedures (TTPs) of cyber threats, helping organizations in their cyber defences.

Tactics are the technical objectives attackers pursue in order to break into systems and carry out a successful cyber-attack. Tactics are divided into fourteen categories, usually (though not always) performed in sequential order: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defence Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control (C&C), Exfiltration, and Impact.

Techniques, by contrast, are the methods attackers employ to realise those tactics or objectives. To elaborate on the first tactic, Reconnaissance consists of ten techniques that involve adversaries actively or passively collecting information that can be used to target the victim. You can visit https://attack.mitre.org for a detailed explanation of the tactics and their corresponding techniques.
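To show what "ATT&CK mapping in a SOC" looks like in practice, here is an added example (not part of the original post) that takes detection rules tagged with technique IDs and reports which tactics they cover. The technique-to-tactic table is a small hand-picked subset and the rule names are constructed; a real SOC would load the full mapping from the official ATT&CK STIX data.

```python
# Added example: per-tactic detection coverage for a rule set tagged with
# ATT&CK technique IDs. Not code from the original post or from MITRE.
from collections import defaultdict

# Constructed subset of the ATT&CK technique -> tactics mapping (load the full
# table from https://attack.mitre.org in practice). One technique may belong
# to several tactics, e.g. Valid Accounts below.
TECHNIQUE_TACTICS = {
    "T1595": ["Reconnaissance"],                 # Active Scanning
    "T1059": ["Execution"],                      # Command and Scripting Interpreter
    "T1078": ["Initial Access", "Persistence",
              "Privilege Escalation", "Defence Evasion"],  # Valid Accounts
    "T1021": ["Lateral Movement"],               # Remote Services
    "T1041": ["Exfiltration"],                   # Exfiltration Over C2 Channel
}

# Constructed sample of SOC detection rules. Sub-technique IDs such as
# T1059.001 roll up to their parent technique T1059.
DETECTION_RULES = [
    {"name": "powershell_encoded_command", "techniques": ["T1059.001"]},
    {"name": "rdp_logon_from_new_host", "techniques": ["T1021.001", "T1078"]},
    {"name": "external_port_scan", "techniques": ["T1595.001"]},
]

def parent_technique(technique_id: str) -> str:
    """Strip the sub-technique suffix so T1059.001 maps like T1059."""
    return technique_id.split(".")[0]

def coverage_by_tactic(rules, mapping):
    """Return {tactic: set of covered parent technique IDs} for the rules."""
    covered = defaultdict(set)
    for rule in rules:
        for tid in rule["techniques"]:
            parent = parent_technique(tid)
            # IDs missing from the mapping are surfaced, not silently dropped
            for tactic in mapping.get(parent, ["<unmapped>"]):
                covered[tactic].add(parent)
    return dict(covered)

def uncovered_tactics(rules, mapping):
    """Tactics present in the mapping that no detection rule touches."""
    all_tactics = {t for tactics in mapping.values() for t in tactics}
    return sorted(all_tactics - set(coverage_by_tactic(rules, mapping)))

if __name__ == "__main__":
    cov = coverage_by_tactic(DETECTION_RULES, TECHNIQUE_TACTICS)
    for tactic, techs in sorted(cov.items()):
        print(f"{tactic:22} {sorted(techs)}")
    print("no coverage:", uncovered_tactics(DETECTION_RULES, TECHNIQUE_TACTICS))
```

Running it shows Exfiltration as the tactic with no detection, which is exactly the gap analysis that makes ATT&CK mapping useful to a SOC.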
#MITRE #ATTACK #CYBERDEFENCE #SECOPS
