Application of MITRE Framework in Enterprise Cyber Security

Cyber security is a multibillion-dollar industry, and for good reason. Without it, businesses and individuals alike would be at the mercy of malicious third parties, with identity theft, fraud, and all sorts of other dilemmas occurring unhindered.

A raft of tools and solutions have arisen to cope with the threats posed by cybercriminals, and it is the responsibility of commercial organizations to take advantage of them, protecting their customers and their brand reputation in the process.

The MITRE ATTACK framework is one of the most important and impactful weapons in the fight against hackers, so let’s look at how it applies in an enterprise cyber security context.

The basics

The ATTACK framework, also stylized as ATT&CK with an ampersand in place of the second A, deals with the tactics of hackers and the techniques they rely on to fulfill the aims of a given cyber assault.

It covers a number of enterprise-focused environments, with both locally installed operating systems as well as cloud-based solutions factored into the equation.

There are also iterations of ATTACK that cover mobile threats on Android and iOS devices.

The purpose of the framework is to give businesses an insider glimpse of how and why hackers do what they do, thus enabling them to plan appropriately to defend against breaches.

The tactics

At the center of this framework is the ATTACK Matrix, which essentially lays down the expected steps that a breach will follow.

Enterprises can chart this from the pre-attack phase of research and reconnaissance right through to the post-attack period during which the actions of the hackers can still cause disruption to mission-critical IT resources.

At each stage, a number of possible techniques are suggested, ranging from simple online searches for information on a target to account manipulation, phishing, keylogging, data exfiltration, and much more besides.

Trends such as ransomware are also taken into account within this framework, and of course there are different scenarios and variables depending on whether the ecosystem in question is on-premises or cloud-powered.

The advantages

There is a range of reasons to give the MITRE ATTACK framework your attention if you are in charge of enterprise cyber security at an up-and-coming or established organization.

First, it gives you the ability to test and analyze security solutions thoroughly using real-world scenarios as the basis for your testing.

By knowing what tactics an attacker will try, you can search for relevant vulnerabilities and patch them before a genuinely malicious third party gets involved.

Next, there is the scope and scale of the knowledge base itself. It is not some static store of useful information but rather an ever-growing pool of expert advice and guidance that paints an up-to-the-moment picture of the state of play in the cyber security space.

Furthermore, this may not be the only framework to apply to enterprise infrastructures, but it does stand out thanks to the sheer depth and detail that it offers compared with its competitors.

The applications

In terms of putting this framework to use, there are a few contexts in which it can be especially appropriate.

From adversary emulation and red teaming to assessing and addressing any gaps in your existing security solutions, MITRE’s all-encompassing knowledge base is impressive in its practicality and adaptability.

Most importantly, it lets us get to know the threats that are out there, rather than seeing them as some amorphous, intangible, and unpredictable force.

It empowers businesses of all sizes and recognizes that cyber security is vital to prioritize at a time when risks are growing and becoming more sophisticated.
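
The gap assessment mentioned in this section can be sketched in a few lines. This is an added example, not code from the original article or from MITRE: it maps a detection-rule inventory onto the matrix and reports, per tactic, which techniques no enabled rule covers. The rule names, statuses and tags are constructed sample data, the Sigma-style `attack.tNNNN` tag convention is an assumption about how the rules are labeled, and the matrix is an excerpt limited to the techniques the article names.

```python
import re

# Excerpt of the Enterprise matrix limited to techniques the article names:
# technique ID -> (name, tactics it is listed under).
MATRIX = {
    "T1593": ("Search Open Websites/Domains", ["reconnaissance"]),
    "T1566": ("Phishing", ["initial-access"]),
    "T1098": ("Account Manipulation", ["persistence", "privilege-escalation"]),
    "T1056": ("Input Capture", ["collection", "credential-access"]),  # keylogging
    "T1041": ("Exfiltration Over C2 Channel", ["exfiltration"]),
    "T1486": ("Data Encrypted for Impact", ["impact"]),  # ransomware
}

# Constructed detection-rule inventory (names, statuses and tags are sample data).
RULES = [
    {"name": "office_spawns_shell", "status": "enabled",
     "tags": ["attack.initial_access", "attack.t1566.001"]},
    {"name": "mass_file_rename", "status": "enabled", "tags": ["attack.t1486"]},
    {"name": "keyboard_hook_api", "status": "disabled", "tags": ["attack.t1056.001"]},
    {"name": "legacy_rule", "status": "enabled", "tags": ["attack.t9999", "misc"]},
]

TAG_RE = re.compile(r"^attack\.(t\d{4})(?:\.\d{3})?$", re.IGNORECASE)

def techniques_from_tags(tags):
    """Parent technique IDs named by the tags; sub-techniques roll up to the parent."""
    return {m.group(1).upper() for t in tags if (m := TAG_RE.match(t.strip()))}

def coverage_by_tactic(rules, matrix=MATRIX):
    """Per tactic, split the matrix techniques into covered ones and gaps."""
    covered = set()
    for rule in rules:
        if rule.get("status") == "enabled":  # a disabled rule detects nothing
            covered |= techniques_from_tags(rule["tags"]) & matrix.keys()
    report = {}
    for tid, (_name, tactics) in matrix.items():
        for tactic in tactics:
            entry = report.setdefault(tactic, {"covered": [], "gaps": []})
            entry["covered" if tid in covered else "gaps"].append(tid)
    return report

if __name__ == "__main__":
    for tactic, entry in coverage_by_tactic(RULES).items():
        gaps = ", ".join(f"{t} {MATRIX[t][0]}" for t in entry["gaps"]) or "none"
        print(f"{tactic:22} covered={entry['covered']} gaps: {gaps}")
```

A technique listed under several tactics, such as account manipulation, shows up as a gap in each of them, and the disabled keylogging rule counts as no coverage at all.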
