Application of the MITRE ATT&CK Framework

In this course we will move through the 14 areas of the MITRE Attack Framework and discuss how security professionals should use the matrix to assist them in overlaying solutions or controls to address current threats.

The MITRE Attack Framework is a globally accessible knowledge base of tactics and techniques provided from real-world observations. Using the attack framework, a security consultant or blue team member can formulate a strategy for reducing risk in both the public and private sectors.

Since the methods of attack change regularly, this course is going to focus on examples for several of the attack types in each section and applicable mitigation tactics. These principles can then be applied across the entire framework whether you are looking at adding a security solution to your current stack or are doing research on known attack vectors for academic purposes.

Prerequisites

• Basic cyber defense technical terminology understanding
• Basic terminology in association with controls
• Basic terminology in association with risk reduction

Course Goals

By the end of the course, students should be able to understand how to defend against the adversarial tactics of:

• Reconnaissance
• Resource Development
• Initial Access
• Execution
• Persistence
• Privilege Escalation
• Defense Evasion
• Credential Access
• Discovery
• Lateral Movement
• Collection
• Command and Control
• Exfiltration
• Impact

What is the MITRE ATT&CK Framework?

MITRE ATT&CK was created as a model used to document and track a variety of different techniques that attackers use during the phases of a cyberattack to break into an organization’s network and obtain sensitive data.

ATT&CK is an acronym for Adversarial Tactics, Techniques, and Common Knowledge. Essentially, the framework is a matrix of those techniques sorted by different tactics. It includes different matrices for Windows, Mac, LINUX, and mobile systems. The framework is used by various IT professionals including red teamers, threat hunters, and defenders to help classify attacks and assess a company’s risk.

MITRE ATT&CK was launched in 2013 and has since become one of the most respected and used resources in cybersecurity. It’s an essential tool for professionals in the IT industry to be familiar with ATT&CK.

What is Involved in the MITRE ATT&CK Training?

In this application of the MITRE ATTACK Training Course, students will learn how to use the framework to reduce security risks to their organizations. The course will focus on breaking down several types of attacks and learning methods and tactics to mitigate those threats. The current framework of ATT&CK includes 12 tactics, each of which has numerous techniques.

When completed with this course, students will have the skills to understand primary access ATT&CK vectors, including:

• Spear Phishing Link
• Drive-by Compromise
• Supply Chain Compromise
• Trusted Relationship

Students who enroll in this MITRE ATTACK training should have an understanding of basic technical terminology, basic terminology in association with controls, and basic terminology in association with risk reduction. There are no other requirements for this beginner level course.

In this course, students will earn 10 CEU/CPE and will receive a Mitre Att&ck Certificate of Completion when finished with the class.

How is the MITRE ATT&CK Framework Used?

The MITRE ATT&CK framework, a staple of the security community, works by organizing the steps that cyber attackers take to infiltrate networks, compromise hosts, escalate privileges, move without detection, and ultimately, obtain important data. Cybersecurity teams can better test, develop, and prioritize their current means of detection and response to be relevant to their organizations’ business, industry, and intellectual property.

Why Is Understanding the MITRE ATT&CK Framework Important in IT?

MITRE ATT&CK is a framework that has been around for a number of years, but it’s fairly recently that it’s become a universal tool. It’s important in the IT industry because it’s very effective at helping organizations, government agencies, and end users share cyberthreat intelligence. Of course, there are other means through which intelligence like this is shared, what sets ATT&CK apart is that it uses a common language that is standardized and accessible worldwide.

Another benefit of using the ATT&CK framework is that it allows defenders and analysts to work together with information to compare and contrast different threat groups. Analysts are able to structure intelligence based on behavior ad defenders can structure information based on behavior. Together they are able to detect and mitigate threats.

Additionally, users are able to understand adversaries and how they operate on a deeper level – the steps that they will use to infiltrate networks and obtain the data they are after. This means that defenders don’t necessarily have to focus only on defensive tactics, but also have to have a good understanding of how the offense is working. That will allow cybersecurity professionals to better defend their networks and systems.

What Is the Best Way to Learn about MITRE ATT&CK Framework?

The MITRE ATT&CK framework is an important and widely used tool for cybersecurity professionals. It’s a means for sharing intelligence with the goal of reducing the risk of cyberattacks for organizations. Learning about the ATT&CK framework is essential for IT and cybersecurity professionals to stay up to date in their industry and ahead of the bad guys.

It’s best to learn about MITRE ATTACK from experts who use it, like Cybrary’s excellent instructors. All of the courses in our extensive library are self-paced, making them convenient for all students. If you’re interested in learning more about the MITRE ATT&CK framework, enrolling in our Application of the MITRE ATTACK Framework training is a great place to start. Enrolling is easy, just click the Register button at the top right of this screen to get started.