What is the MITRE ATT&CK Framework?

The MITRE ATT&CK Framework is a complete knowledgebase of tactics and techniques cyber security professionals have observed impacting organizations. These tactics and techniques are organized by various attack stages, from initial Reconnaissance to Exfiltration and Impact.

The MITRE ATT&CK Framework is an open-source document that is available to organizations around the world online and can collect a wide range of attack stages. The goal of this framework is to have a comprehensive list of known adversarial tactics and techniques that are often used during cyberattacks, so organizations can identify and mitigate the risks across as many stages and TTPs as possible.

What is the ATT&CK?

What does the word ATT&CK mean? The word ATT&CK stands for adversarial tactics, techniques, and common knowledge.

Let’s break this down into what’s important to you.

Adversarial tactics and techniques are a way of looking at cyberattacks in terms of the outcome. This is also known as an indicator of compromise (IoC). It is when security leaders seek to understand the techniques and tactics that cybercriminals use that will indicate if an attack is in progress. While techniques represent how attackers achieve their goal, tactics represent the why behind a specific attack.

Common knowledge is when tactics and techniques are documented and become known information. In a nutshell, these types of documents become common knowledge so cybersecurity professionals can proactively develop a strategy to effectively mitigate risks associated to these documented tactics and techniques.

How to use the Mitre ATT&CK Framework

The framework is arranged visually to show all the known tactics and techniques into a simple and easy to read format. Attack tactics are shown vertically, and techniques are shown horizontally. In all instances, techniques have multiple tactics for organizations to be aware of. An cyberattack is typically built using multiple tactics and technique moving from left to the right within the framework.

Cybercriminals will use the least number of tactics to achieve their goal. For example, in order for a cybercriminal to steal confidential or sensitive information from a CEO or executive, only three tactics and techniques are needed.

By looking at the comprehensive matrix, an organization can begin to build compensating controls across techniques and tactics. These compensating controls provide a better chance of mitigating the risk associated to the attacks.

MITRE ATT&CK and Email Security

Effective email security is much more than simply detecting and quarantining phishing attacks within your organization. In the MITRE ATT&CK matrix, over 200 techniques are categorized across 14 attack categories, identifying a wide breadth of cybercriminal tactics. However, email security can effectively mitigate risk across a wide variety of these tactics and techniques, especially at the earlier stages in the attack

Great email security can provide compensating controls against phishing attack vectors which we discuss in our whitepaper, Breaking the Phishing Attack Kill Chain: Gaining Control Over Phishing. With compensating controls in place, you will be able to address various attack tactics and techniques defined in the MITRE ATT&CK Framework.

View this interactive visual to understand how email security can mitigate risk across various tactics and techniques in the MITRE ATT&CK Framework.

email threat assessment icon

Get Your FREE Email Threat Assessment

Learn what advanced threats are currently getting through your existing email security and into your end users’ mailboxes.