Significance of MITRE ATT&CK framework - PowerPoint PPT Presentation

About This Presentation
Title:

Significance of MITRE ATT&CK framework

Description:

ATT&CK is a framework introduced by MITRE Corporation in 2013 that describes the phases of the adversary’s attack cycle. ATT&CK is an abbreviation of Adversarial Tactics, Techniques & Common Knowledge. The framework provides a globally accessible knowledge base that classifies known adversarial attacks and compiles them into tactics and techniques. It gives red teams, blue teams, and security analysts a common language for describing adversaries’ behavior.

Number of Views:1091
Slides: 16
Provided by: infosectrain


Transcript and Presenter's Notes

Title: Significance of MITRE ATT&CK framework


1
Significance of MITRE ATT&CK framework
www.infosectrain.com sales_at_infosectrain.com
2
ATT&CK is a framework introduced by MITRE
Corporation in 2013 that describes the phases of
the adversary's attack cycle. ATT&CK is an
abbreviation of Adversarial Tactics, Techniques &
Common Knowledge. The framework provides a
globally accessible knowledge base that classifies
known adversarial attacks and compiles them into
tactics and techniques. It gives red teams, blue
teams, and security analysts a common language
for describing adversaries' behavior.
3
  • The ATT&CK framework helps organizations analyze
    the risks after a security incident has occurred.
    Security teams can determine the sequence of
    steps adversaries may follow to break in and how
    they operate within the network infrastructure.
    Threat hunters and defenders use these
    tactics and techniques to evaluate the
    vulnerabilities in an organization.
Understanding MITRE ATT&CK framework
  • To understand the MITRE ATT&CK framework, it is
    essential to have a brief overview of its
    matrices and of the techniques and sub-techniques
    stated in the framework.
Matrices of ATT&CK Framework
  • The ATT&CK Framework describes three matrices,
    each consisting of tactics and the techniques
    associated with them. The three matrices of the
    ATT&CK framework are:
  • Enterprise: The Enterprise matrix deals with the
    tactics and techniques for the Windows, macOS,
    and Linux platforms.
  • Mobile: The Mobile matrix deals with the tactics
    and techniques for the Android and iOS platforms.
  • PRE-ATT&CK: The PRE-ATT&CK matrix describes the
    tactics and techniques used by an attacker before
    attacking a target organization.

4
Core components of ATT&CK framework
  • Tactics: Tactics are the short-term goals that
    the adversary wants to achieve during an attack.
    The ATT&CK Framework has eleven tactics:
  • Initial Access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Exfiltration

5
  • Techniques and Sub-techniques: Techniques
    outline how adversaries can achieve their
    objectives. Sub-techniques further describe how
    the behavior is used to achieve a goal.
Applications of MITRE ATT&CK framework
  • Applications of the MITRE ATT&CK framework are as
    follows:
  • Integration of MITRE ATT&CK with different
    tools: Integrating ATT&CK's tactics and
    techniques with different tools and services can
    strengthen the security posture. It is already
    integrated into automated SIEM solutions. IBM
    QRadar, Sentinel, and AlienVault USM are already
    being integrated with the tactics and techniques
    of the ATT&CK Framework.
  • Information sharing: When addressing any
    threat actor, attack, or group, security analysts,
    defenders, and IR teams can use ATT&CK tactics
    and techniques as a common language.

6
  • The blue team can use MITRE for creating a
    defensive strategy: Blue teams can understand the
    tactics and techniques used by adversaries to
    target an organization and employ defense
    and mitigation strategies accordingly.
  • The red team uses it for planning attacks: The red
    team can plan strategies to test their security
    posture by following the adversarial emulation
    plan and modeling different tactics. The ATT&CK
    framework can also help red teams develop new
    techniques that cannot be identified by common
    defenses.

7
  • Using ATT&CK with cyber threat intelligence: ATT&CK
    is of great use in problem-solving when
    combined with threat intelligence. It provides an
    organized way to explain the tactics, techniques,
    and behavior of adversaries. Both defenders
    and security analysts can benefit from the
    ATT&CK Framework and create a response program to
    thwart potential threats.
  • Used in improving the efficiency of SOC: A
    security operations center (SOC) team can use the
    tactics and techniques of ATT&CK to improve its
    efficiency. The team can anticipate attackers'
    behavior by observing the techniques, tactics,
    and procedures they used in the past. It also helps
    the team evaluate its defensive strength and
    uncover misconfigurations and operational
    concerns.

8
Why do we need a MITRE ATT&CK training course?
  • MITRE ATT&CK provides a common standardized
    language for organizations, government agencies,
    and security professionals to share threat
    intelligence. ATT&CK training helps candidates
    validate their skills to prevent or address any
    potential cyber attack. After completing the
    training course, candidates will be able to:
  • Set up the appropriate environment to
    implement the ATT&CK framework
  • Document the adversarial behavior
  • Detect and investigate attacks post-compromise
  • Understand the importance of ATT&CK for cyber
    threat intelligence
  • Analyze threat intelligence using ATT&CK
  • Recommend security measures after CTI analysis
  • Store the mapped data of the ATT&CK Framework

9
MITRE ATT&CK training with Infosec Train
Infosec Train is among the pioneers in advanced IT
security training providers whose trainings and
security services are trusted by consumers
worldwide. Our MITRE ATT&CK training is an
excellent opportunity for candidates to learn
from industry experts about implementing the
ATT&CK framework to strengthen their
organization's overall security
infrastructure. Get yourself enrolled today!
10
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    companies
  • Wide range of professional training programs,
    certifications & consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals of over 15 years of combined
    experience in the domain

11
Our Endorsements
12
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
13
Our Trusted Clients
14
(No Transcript)
15
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com