
    MITRE ATT&CK® mapping and how it contributes to the users

    By BUFFERZONE Team, 15/03/2023

    The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) is a comprehensive knowledge base and model for cyber adversary behavior. It reflects the various phases and steps an adversary may take during a cyber-attack, making it an invaluable resource for cybersecurity professionals on both the offensive and defensive sides.

    The ATT&CK® model provides a structured and comprehensive view of the techniques and tactics that adversaries use to compromise and exploit systems. It is designed to be platform-agnostic and vendor-neutral, providing a common language and framework for cybersecurity professionals to discuss and analyze cyber threats.

    The model maps out a wide range of attack techniques and tactics, such as initial access, privilege escalation, lateral movement, and data exfiltration, among others. This helps security professionals anticipate and identify potential attacks and develop effective defense strategies.

    The MITRE ATT&CK® Matrix is a visual representation of the MITRE ATT&CK® model. It is a matrix of attack techniques and tactics that adversaries may use to compromise and exploit systems, categorized by the different phases of an attack.

    The matrix is divided into columns representing the different phases of an attack, such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, and Command and Control.

    The rows of the matrix represent the different attack techniques and tactics used by adversaries within each phase. These techniques and tactics are organized into distinct categories, such as network, web, and endpoint-based attacks.

    Each cell of the matrix represents a specific combination of a phase and an attack technique or tactic. By using the matrix, cybersecurity professionals can understand the diverse ways that adversaries can move through an attack, identify the techniques and tactics used at each phase, and develop effective defense strategies to prevent or mitigate the impact of an attack.

    From the customer's point of view, MITRE ATT&CK® can help map the contribution of security products and show how they assist in preventing cyber-attacks.
    The following steps will help you assess how a security product helps your organization:

    1. Ask your security vendor for its MITRE ATT&CK Matrix coverage map and learn how the security product protects your organization against the different tactics and techniques used by threat actors. This can help you identify areas where your security product may be strong or weak, and where you may need to supplement it with additional security controls. For example, if you are using an endpoint protection product that is strong against malware but weak against credential theft, you may need to supplement it with additional controls such as browser anti-phishing. Or, if your organization's users are exposed to removable media, consider using endpoint containment to isolate the untrusted USB device from the rest of your network.
    2. Use the MITRE ATT&CK Matrix to evaluate different security products and compare their capabilities. This can help you make an informed decision about which product to use, based on its ability to defend against the specific threats that you are concerned about.
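    As an added example (not BUFFERZONE's code and not part of the original post), the following Python script performs the assessment the two steps above describe: it scores a vendor's coverage map per ATT&CK tactic, lists the techniques left uncovered, shows what supplementing one product with another changes, and ranks candidate products. The tactic list is the one named in the post; the technique subset uses real ATT&CK technique IDs but is a small constructed sample rather than the full matrix, and the three product coverage maps are hypothetical.

```python
"""Assess a security product's MITRE ATT&CK coverage map per tactic.

Added example, not BUFFERZONE's code. Tactic names follow the blog post;
the technique subset is a small constructed sample using real ATT&CK IDs,
and the vendor coverage maps are invented for illustration.
"""
from collections import Counter

# The tactic columns named in the post, in attack-phase order.
TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Exfiltration", "Command and Control",
]

# Constructed scope: technique id -> (name, tactic). Real ATT&CK IDs, but a
# tiny subset; a real assessment would load the full Enterprise matrix.
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1091": ("Replication Through Removable Media", "Initial Access"),
    "T1204": ("User Execution", "Execution"),
    "T1547": ("Boot or Logon Autostart Execution", "Persistence"),
    "T1068": ("Exploitation for Privilege Escalation", "Privilege Escalation"),
    "T1027": ("Obfuscated Files or Information", "Defense Evasion"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1110": ("Brute Force", "Credential Access"),
    "T1082": ("System Information Discovery", "Discovery"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1005": ("Data from Local System", "Collection"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
    "T1071": ("Application Layer Protocol", "Command and Control"),
}

# Strength ordering for a vendor's claimed coverage level.
LEVEL_RANK = {"none": 0, "detect": 1, "prevent": 2}

# Constructed coverage maps for three hypothetical products: id -> level.
ENDPOINT_PROTECTION = {
    "T1204": "prevent", "T1547": "detect", "T1068": "prevent",
    "T1027": "detect", "T1082": "detect", "T1005": "detect", "T1071": "detect",
}
BROWSER_ANTI_PHISHING = {"T1566": "prevent", "T1110": "detect"}
ENDPOINT_CONTAINMENT = {"T1091": "prevent", "T1204": "prevent", "T1003": "prevent"}


def validate(cov_map):
    """Return (ids outside the assessed scope, ids with an unrecognised level).
    Both are claims to question with the vendor before counting them."""
    unknown_ids = sorted(t for t in cov_map if t not in TECHNIQUES)
    bad_levels = sorted(t for t, lvl in cov_map.items() if lvl not in LEVEL_RANK)
    return unknown_ids, bad_levels


def coverage_by_tactic(cov_map):
    """Map each tactic column to (covered, total) over the assessed techniques."""
    total = Counter(tactic for _, tactic in TECHNIQUES.values())
    covered = Counter(
        TECHNIQUES[t][1] for t, lvl in cov_map.items()
        if t in TECHNIQUES and LEVEL_RANK.get(lvl, 0) > 0
    )
    return {tac: (covered[tac], total[tac]) for tac in TACTICS}


def gaps(cov_map):
    """Techniques with no coverage at all, as (id, name, tactic) tuples."""
    return [
        (t, name, tactic) for t, (name, tactic) in TECHNIQUES.items()
        if LEVEL_RANK.get(cov_map.get(t, "none"), 0) == 0
    ]


def combine(*cov_maps):
    """Merge several products' maps, keeping the strongest level per technique.
    This is what 'supplementing' one product with another looks like on the matrix."""
    merged = {}
    for cov_map in cov_maps:
        for t, lvl in cov_map.items():
            if LEVEL_RANK.get(lvl, 0) > LEVEL_RANK.get(merged.get(t, "none"), 0):
                merged[t] = lvl
    return merged


def weakest_tactics(cov_map, n=3):
    """The n tactic columns with the lowest coverage ratio: where to supplement first."""
    per = coverage_by_tactic(cov_map)
    return sorted(per, key=lambda tac: (per[tac][0] / per[tac][1], tac))[:n]


def rank_products(products):
    """Order candidate products by techniques covered, then by how many they
    prevent rather than merely detect (step 2 of the post)."""
    def score(item):
        _, m = item
        covered = sum(1 for t, l in m.items() if t in TECHNIQUES and LEVEL_RANK.get(l, 0) > 0)
        prevented = sum(1 for t, l in m.items() if t in TECHNIQUES and l == "prevent")
        return (covered, prevented)
    return [name for name, _ in sorted(products.items(), key=score, reverse=True)]


if __name__ == "__main__":
    for tac, (c, n) in coverage_by_tactic(ENDPOINT_PROTECTION).items():
        print(f"{tac:22s} {c}/{n}")
    print("gaps:", [g[0] for g in gaps(ENDPOINT_PROTECTION)])
    stacked = combine(ENDPOINT_PROTECTION, BROWSER_ANTI_PHISHING, ENDPOINT_CONTAINMENT)
    print("remaining gaps after supplementing:", [g[0] for g in gaps(stacked)])
```

    Running the script shows the endpoint product's empty Initial Access and Credential Access columns, and that adding the anti-phishing and containment maps leaves only the Lateral Movement and Exfiltration rows uncovered, which is exactly the kind of gap analysis the vendor coverage map is meant to support. A coverage level is only a vendor claim; validate the map and test the claims that matter most before relying on the numbers.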

    The following mapping illustrates how BUFFERZONE® Safe Workspace™ contributes to your enterprise endpoint security efforts.

    BUFFERZONE® Safe Workspace MITRE ATT&CK® mapping (each technique links to the MITRE website):