How to use the MITRE ATT&CK Matrix for Enterprise: Video walkthrough
Unsure how to use the MITRE ATT&CK® Matrix for Enterprise? Infosec Principal Security researcher Keatron Evans explains how it works, how you can use it to understand your adversaries and how it can help you and your team better to develop their cybersecurity skills.
Watch the full video below:
Cyber Work listeners get free cybersecurity training resources. Click below to see free courses and other free materials.
Mapping events to the MITRE ATT&CK framework
(0:00–0:24) Cybercriminals cost $6 trillion worth of damage every year. But how exactly are they breaking into organizations' networks, evading detection and causing problems like ransomware, denial of service and intellectual property theft? And more importantly, how can you stop them?
Well, one free tool, every cybersecurity team can use to answer these questions is the MITRE ATT&CK framework.
What is the MITRE ATT&CK framework?
(0:44–1:01) The ATT&CK in MITRE ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge. And the framework does just that; it helps you understand the real-world tactics and techniques that adversaries use when they prepare, launch and execute an attack against your organization.
MITRE ATT&CK Matrix for Enterprise
(1:02–1:22) Let's take a look at the ATT&CK Matrix for Enterprise, which has 14 tactics and 200-plus techniques used by real-world threat actors.
The biggest benefit of the framework is that it provides a realistic guide to how adversaries will attempt to gain access to your environment and achieve their end goal.
How to use the MITRE ATT&CK framework
(1:23–2:09) As a practitioner and instructor, I regularly use the framework in several ways. I'll often reference it when I'm doing penetration test results and walkthroughs for customers. I will often use it when I'm leading responses to data breaches. It provides a perfect foundation to give even non-technical audiences an overview of how the attackers got in and what they did when I'm teaching classes. I will often design capture-the-flag exercises around the framework. Whereas each flag is accomplishing a task from the framework.
It's also great for building team skills and finding out where your team's knowledge gaps are when it comes to the adversary. You're going to have a much better idea of how to defend against the adversary.
Understanding the attacker mindset
(2:10–2:36) If you have a good picture of what their tactics look like, the MITRE ATT&CK framework is just as much about mindset as it is about the knowledge base itself. That's why it can be such a great asset for organizations looking to guide and train their teams around the most prevalent threats.
And I've noticed that the defenders I train around the framework tend to change their mindsets and truly start to think like the attacker.
Try this cyber range yourself
(2:37–2:49) If you want to build your team's hands-on skills around tactics and techniques in the MITRE ATT&CK framework go to infosecinstitute.com/range and try our hands-on cyber ranges today.
More cybersecurity training resources
Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders — plus other free cybersecurity videos.
Cyber Work listeners also get more free cybersecurity resources. See the latest free training courses and resources and keep learning!