MITRE PRE-ATT&CK


Founded in 1958, MITRE is a not-for-profit organization whose stated mission is solving problems for a safer world. Its curated knowledge base MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) organizes and categorizes the tactics, techniques, and procedures (TTPs) that real threat actors have been observed using, so that organizations can map their defenses against that behavior and identify gaps.

The ATT&CK Matrix for Enterprise describes what an adversary typically does once inside a corporate network. Observed adversary behavior is presented as a matrix: each column is a tactic (the adversary's goal at that stage), the cells beneath it are the techniques used to achieve that goal, and the procedures record how specific groups and malware have carried those techniques out.

Each technique represents one way an adversary can achieve a tactical goal, and the same technique may appear under several tactics. ATT&CK is a reference for what to detect and mitigate rather than a product that blocks anything by itself. Used together with PRE-ATT&CK, which covers the preparation that happens before the first compromise, it lets an organization counter adversary actions at every stage of the attack lifecycle, not only after initial access.

The ATT&CK matrix is part of a continuously updated collection of observed adversary behavior. It was originally developed for an internal MITRE research project and is now maintained publicly with contributions from the wider security community. Beyond the techniques themselves, it documents the threat groups and malware families that have been observed using them.

Building on ATT&CK, PRE-ATT&CK covers the adversary's preparation, giving defenders a chance to spot and disrupt an attack before the adversary gets in. Its 15 tactic categories were derived from the first two stages (reconnaissance and weaponization) of the seven-stage Cyber Attack Lifecycle (Lockheed Martin's Cyber Kill Chain). Note that PRE-ATT&CK has since been retired as a separate matrix; its content was folded into Enterprise ATT&CK as the Reconnaissance and Resource Development tactics.

PRE-ATT&CK provides defenders with the ability to answer questions such as:

· Are there signs that the adversary might be targeting you?

· Which techniques does this adversary commonly use against organizations like yours?

· How should you prioritize cyber threat intelligence data acquisition and analytics to gain the insight needed to “see” the adversary before the exploit occurs?

ATT&CK and PRE-ATT&CK Comparison

PRE-ATT&CK is a companion to ATT&CK: it adopts the same model structure and complements ATT&CK by concentrating on the phases of the Cyber Attack Lifecycle to the left of exploitation. The two differ in several basic ways:

· ATT&CK is tied to specific technology domains (e.g., Microsoft Windows, Linux, macOS, or the network environment) and therefore offers detailed technical information on adversary behavior and defender mitigations for each technique. PRE-ATT&CK is agnostic to those domains, because an adversary's pre-compromise preparation looks much the same whichever of them the target runs.

· ATT&CK mitigations can be very concrete and precise. PRE-ATT&CK mitigations are still being developed and will include both technical and policy-based measures. In many cases they will be less effective or thorough, because a defender cannot fully observe the adversary's actions, data, and resources before the adversary touches the defender's environment.

· Whereas many ATT&CK mitigations and detections depend on better visibility into endpoints, PRE-ATT&CK depends on additional data sources, such as external threat intelligence, for collecting information on whom the adversary is targeting and what it is doing in preparation.
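The questions above (is this adversary targeting you, and which of its techniques apply to you) and the comparison points (ATT&CK is platform-bound, PRE-ATT&CK is platform-agnostic) are easiest to act on from MITRE's machine-readable STIX 2 data. The following is an added example, not code from the original post or from MITRE: it parses a small constructed bundle laid out the way the ATT&CK and PRE-ATT&CK JSON is (attack-pattern, intrusion-set and relationship objects, kill_chain_phases, external_references, x_mitre_platforms, revoked), builds the tactic-to-technique matrix, and lists what a group uses, split into pre- and post-compromise and filtered by the platforms you actually run. The bundle contents, the group "Constructed Group" (G0000) and its "uses" links are illustrative test data, not MITRE's published mappings.

```python
import json
from collections import defaultdict

# Constructed STIX 2 bundle mirroring the shape of MITRE's ATT&CK/PRE-ATT&CK JSON.
# Object contents and the group-to-technique links are illustrative, not MITRE data.
BUNDLE_JSON = r'''
{"type": "bundle", "id": "bundle--constructed-0001", "objects": [
 {"type": "attack-pattern", "id": "attack-pattern--c1", "name": "Determine domain and IP address space",
  "kill_chain_phases": [{"kill_chain_name": "mitre-pre-attack", "phase_name": "technical-information-gathering"}],
  "external_references": [{"source_name": "mitre-pre-attack", "external_id": "T1250"}]},
 {"type": "attack-pattern", "id": "attack-pattern--c2", "name": "Acquire Infrastructure",
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "resource-development"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1583"}]},
 {"type": "attack-pattern", "id": "attack-pattern--c3", "name": "Phishing",
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
  "x_mitre_platforms": ["Windows", "macOS", "Linux"],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
 {"type": "attack-pattern", "id": "attack-pattern--c4", "name": "Command and Scripting Interpreter",
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
  "x_mitre_platforms": ["Windows", "macOS", "Linux"],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
 {"type": "attack-pattern", "id": "attack-pattern--c5", "name": "Scripting", "revoked": true,
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1064"}]},
 {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Constructed Group",
  "external_references": [{"source_name": "mitre-attack", "external_id": "G0000"}]},
 {"type": "relationship", "id": "relationship--r1", "relationship_type": "uses",
  "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--c1"},
 {"type": "relationship", "id": "relationship--r2", "relationship_type": "uses",
  "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--c3"},
 {"type": "relationship", "id": "relationship--r3", "relationship_type": "uses",
  "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--c5"}
]}
'''

# Enterprise tactics that absorbed PRE-ATT&CK when it was retired as a separate matrix.
PRE_COMPROMISE_PHASES = {"reconnaissance", "resource-development"}


def load_bundle(text=BUNDLE_JSON):
    """Return the list of STIX objects in a bundle (same layout as MITRE's .json files)."""
    return json.loads(text)["objects"]


def attack_id(obj):
    """Pull the human-facing ID (T1566, G0000, ...) out of external_references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") in ("mitre-attack", "mitre-pre-attack"):
            return ref["external_id"]
    return None


def is_live(obj):
    """MITRE keeps revoked/deprecated techniques in the data; skip them when reporting."""
    return not obj.get("revoked") and not obj.get("x_mitre_deprecated")


def is_pre_compromise(tech):
    """True for PRE-ATT&CK techniques and for the Enterprise tactics that replaced them."""
    return any(p["kill_chain_name"] == "mitre-pre-attack" or p["phase_name"] in PRE_COMPROMISE_PHASES
               for p in tech.get("kill_chain_phases", []))


def build_matrix(objects):
    """Tactic (phase_name) -> sorted technique IDs; a technique under two tactics appears twice."""
    matrix = defaultdict(list)
    for tech in objects:
        if tech["type"] == "attack-pattern" and is_live(tech):
            for phase in tech.get("kill_chain_phases", []):
                matrix[phase["phase_name"]].append(attack_id(tech))
    return {phase: sorted(ids) for phase, ids in matrix.items()}


def techniques_used_by(objects, group_name, platforms=None):
    """(ID, name, stage) for every live technique the group 'uses', optionally
    restricted to techniques whose platform list overlaps `platforms`.
    PRE-ATT&CK techniques carry no platform list and are always kept: the
    adversary's preparation is the same whatever the target runs."""
    by_id = {o["id"]: o for o in objects}
    groups = [o for o in objects if o["type"] == "intrusion-set" and o["name"] == group_name]
    if not groups:
        raise KeyError(f"no intrusion-set named {group_name!r}")
    gid = groups[0]["id"]
    result = []
    for rel in objects:
        if rel["type"] != "relationship" or rel["relationship_type"] != "uses" or rel["source_ref"] != gid:
            continue
        tech = by_id.get(rel["target_ref"])
        if tech is None or tech["type"] != "attack-pattern" or not is_live(tech):
            continue
        tech_platforms = tech.get("x_mitre_platforms")
        if platforms and tech_platforms and not set(platforms) & set(tech_platforms):
            continue
        stage = "pre-compromise" if is_pre_compromise(tech) else "post-compromise"
        result.append((attack_id(tech), tech["name"], stage))
    return sorted(result)


if __name__ == "__main__":
    objs = load_bundle()
    for phase, ids in build_matrix(objs).items():
        print(f"{phase}: {', '.join(ids)}")
    print(techniques_used_by(objs, "Constructed Group", platforms=["Linux"]))
```

Against the real data, point `load_bundle` at the enterprise-attack.json (or, for the archived matrix, pre-attack.json) file from MITRE's CTI repository; the revoked T1064 in the sample shows why `is_live` matters, since otherwise retired techniques inflate the group's profile.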

In a nutshell, MITRE ATT&CK is a freely available knowledge base for identifying and classifying adversary tactics, techniques, and procedures. It helps defense teams identify risks, evaluate and close gaps in their defenses, and design security measures against potential threats in terms of the tactics and techniques adversaries actually use. Each technique is also linked to the threat groups and malware (software) that have been observed using it.
