MITRE ATT&CK™

MITRE ATT&CK framework mitigations: An overview

Howard Poston
February 9, 2021 by
Howard Poston

The MITRE ATT&CK framework is a tool developed by the MITRE Corporation that is intended to help with understanding how cyberattacks can be performed. It takes the lifecycle of a cyberattack, breaks it down into stages, and provides a wealth of information about each stage.

The MITRE ATT&CK framework is designed as a hierarchy. At the top are the Tactics, which describe the goals that an attacker may be attempting to accomplish at a particular stage of a cyberattack. Each of these goals has a number of Techniques and Sub-Techniques associated with it, which describe the various methods that an attacker can use to accomplish a particular Tactic.

By working through the various Tactics, Techniques, and Sub-Techniques, it is possible to gain a good understanding of how cyberattackers can accomplish their goals in an attack. While the MITRE ATT&CK framework’s list of Techniques and Sub-Techniques may not be comprehensive, it covers the most common attacks and the ones that an organization is most likely to experience.

Introduction to MITRE ATT&CK framework mitigations

While MITRE ATT&CK is written to focus on the attacker’s side, it isn’t designed to be a cookbook for attackers wanting to expand their skill sets and identify new ways to exploit targets.  The MITRE ATT&CK Framework is intended to be a resource for defenders tasked with identifying and responding to these threats.  The offensive components of MITRE ATT&CK provide insight into the methods that an attacker may use, but the framework also includes defensive information as well.

Under each Technique or Sub-Technique is a section on Mitigations.  This section describes some of the security controls and best practices that an organization can put into place to help prevent and protect against these attacks.

For example, Password Guessing is a Sub-Technique under the Brute Force Technique for Credential Access.  One of the suggested Mitigations for this Sub-Technique is implementing multi-factor authentication (MFA).  By implementing MFA, an organization makes it so that knowledge of a user’s password is insufficient to gain access to the associated account.  This limits the impact of successful password guessing because the attacker also needs to defeat the protections provided by MFA as well.

MITRE ATT&CK framework enterprise mitigations

The MITRE ATT&CK Enterprise Framework focuses on the attack vectors that can be exploited within a corporate network.  MITRE ATT&CK’s Tactics, Techniques, and Sub-Techniques outline these attack vectors, and the recommended Mitigations describe how to protect against them.

In most cases, the Mitigations described in the MITRE ATT&CK Enterprise Framework are common cybersecurity best practices.  Steps like deploying MFA and using an antivirus can protect against a wide range of Techniques and Sub-Techniques.

MITRE ATT&CK Framework Mobile Mitigations

As the use of mobile devices for business becomes more common, mobile security becomes more important to the business. The MITRE ATT&CK Mobile Framework outlines Techniques and Sub-Techniques specific to attacking mobile devices.

Each of these Techniques and Sub-Techniques also has associated mitigations. These range from simple cybersecurity best practices - such as vetting the mobile apps installed on a device - to ones that may require specialized solutions or cybersecurity investment.

Sources

Howard Poston
Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at howard@howardposton.com or via his website at https://www.howardposton.com.