MITRE ATT&CK™

How to use the MITRE ATT&CK Matrix for Enterprise: Video walkthrough

Louis Livingston-Garcia
July 22, 2022 by
Louis Livingston-Garcia

Unsure how to use the MITRE ATT&CK® Matrix for Enterprise? Infosec Principal Security researcher Keatron Evans explains how it works, how you can use it to understand your adversaries and how it can help you and your team better to develop their cybersecurity skills. 

 Watch the full video below:  

Cyber Work listeners get free cybersecurity training resources. Click below to see free courses and other free materials.

 

Free Cybersecurity Training

 

Mapping events to the MITRE ATT&CK framework

 

(0:00–0:24) Cybercriminals cost $6 trillion worth of damage every year. But how exactly are they breaking into organizations' networks, evading detection and causing problems like ransomware, denial of service and intellectual property theft? And more importantly, how can you stop them? 

Well, one free tool, every cybersecurity team can use to answer these questions is the MITRE ATT&CK framework. 

 

What is the MITRE ATT&CK framework?

 

(0:44–1:01) The ATT&CK in MITRE ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge. And the framework does just that; it helps you understand the real-world tactics and techniques that adversaries use when they prepare, launch and execute an attack against your organization.

 

MITRE ATT&CK Matrix for Enterprise

 

(1:02–1:22) Let's take a look at the ATT&CK Matrix for Enterprise, which has 14 tactics and 200-plus techniques used by real-world threat actors.

The biggest benefit of the framework is that it provides a realistic guide to how adversaries will attempt to gain access to your environment and achieve their end goal.

 

How to use the MITRE ATT&CK framework

 

(1:23–2:09) As a practitioner and instructor, I regularly use the framework in several ways. I'll often reference it when I'm doing penetration test results and walkthroughs for customers. I will often use it when I'm leading responses to data breaches. It provides a perfect foundation to give even non-technical audiences an overview of how the attackers got in and what they did when I'm teaching classes. I will often design capture-the-flag exercises around the framework. Whereas each flag is accomplishing a task from the framework. 

It's also great for building team skills and finding out where your team's knowledge gaps are when it comes to the adversary. You're going to have a much better idea of how to defend against the adversary.

 

Understanding the attacker mindset

 

(2:10–2:36) If you have a good picture of what their tactics look like, the MITRE ATT&CK framework is just as much about mindset as it is about the knowledge base itself. That's why it can be such a great asset for organizations looking to guide and train their teams around the most prevalent threats. 

And I've noticed that the defenders I train around the framework tend to change their mindsets and truly start to think like the attacker.

 

Try this cyber range yourself

 

(2:37–2:49) If you want to build your team's hands-on skills around tactics and techniques in the MITRE ATT&CK framework go to infosecinstitute.com/range and try our hands-on cyber ranges today.

 

More cybersecurity training resources

 

Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders — plus other free cybersecurity videos.

Cyber Work listeners also get more free cybersecurity resources. See the latest free training courses and resources and keep learning!

 

Free Cybersecurity Resources

Louis Livingston-Garcia
Louis Livingston-Garcia

Louis Livingston-Garcia has a bachelor’s degree in journalism and a minor in Japanese language and education from the University of Wisconsin–Oshkosh. He has written for newspapers in Kodiak Island, Alaska, Wisconsin and Minnesota. His written work has been featured in many publications including Growler Magazine, Heavy Table, City Pages, 507 Magazine, Official Xbox Magazine, Game Informer, GamesRadar, October and more. He has professionally photographed Kodiak bears in the wild, Minnesota United FC soccer matches and countless breweries. If he isn’t traveling around the world with his wife, he is most likely playing video games or reading with his cat, Miyamoto (yes, named after the creator of Super Mario Bros.), in his lap, and a beer nearby.