What is the MITRE ATT&CK framework?

ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge), created by MITRE, a federally funded research and development center, is a globally accessible, living and growing knowledge base of threat tactics and techniques based on real-world observations from millions of attacks on enterprise networks. It is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.

Interset & MITRE ATT&CK

The MITRE ATT&CK framework’s detailed information on data sources, examples, mitigations, and detection is informing the development of Interset’s user and entity behavioral analytics (UEBA). At Interset, we are carefully mapping the 450+ machine learning models that power our threat detection solution to the 219 techniques of the ATT&CK matrix. This mapping lets us see where we provide effective coverage, which techniques are the most common and matter most to our customers, and how we can better leverage our anomaly models to protect against those techniques. Today, Interset’s UEBA covers 75% of the ATT&CK techniques that have been seen in the wild, and our coverage will only continue to grow.
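The model-to-technique mapping described above can be turned into a coverage report that shows, per tactic, which techniques are detected and which are gaps. The following is an added example, not Interset’s code; the technique catalog is a small constructed subset of the ATT&CK Enterprise matrix and the model names are hypothetical.

```python
"""Compute ATT&CK technique coverage from a detection-model-to-technique mapping."""
from collections import defaultdict

# Constructed subset of the ATT&CK Enterprise matrix: technique ID -> (name, tactic).
# The real matrix is much larger; this is for illustration only.
TECHNIQUES = {
    "T1078": ("Valid Accounts", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1110": ("Brute Force", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1048": ("Exfiltration Over Alternative Protocol", "Exfiltration"),
}

# Constructed mapping of hypothetical anomaly models to the techniques they detect.
MODELS = {
    "unusual_login_hours": ["T1078"],
    "failed_auth_burst": ["T1110"],
    "rare_host_to_host_session": ["T1021"],
    "volumetric_dns_outbound": ["T1048"],
}


def coverage(techniques, models):
    """Return (overall_fraction, per_tactic_fractions, sorted_uncovered_ids)."""
    covered = set()
    for technique_ids in models.values():
        for tid in technique_ids:
            if tid not in techniques:  # catch stale or mistyped mappings early
                raise ValueError(f"unknown technique id {tid}")
            covered.add(tid)
    total_by_tactic = defaultdict(int)
    covered_by_tactic = defaultdict(int)
    for tid, (_, tactic) in techniques.items():
        total_by_tactic[tactic] += 1
        if tid in covered:
            covered_by_tactic[tactic] += 1
    per_tactic = {t: covered_by_tactic[t] / n for t, n in total_by_tactic.items()}
    uncovered = sorted(tid for tid in techniques if tid not in covered)
    return len(covered) / len(techniques), per_tactic, uncovered


if __name__ == "__main__":
    overall, per_tactic, uncovered = coverage(TECHNIQUES, MODELS)
    print(f"overall coverage: {overall:.0%}")
    for tactic, frac in sorted(per_tactic.items()):
        print(f"  {tactic:<18} {frac:.0%}")
    print("uncovered:", ", ".join(f"{t} ({TECHNIQUES[t][0]})" for t in uncovered))
```

Tactics that report 0% are the gaps to prioritize when deciding which new models to build.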


Interset’s UEBA covers 75% of the ATT&CK framework. This is a partial view of what we currently cover.

Importance to the security community

The vendor-agnostic ATT&CK framework gives Interset a common structure for sharing threat intelligence, describing how adversaries prepare for, launch, and execute their attacks. ATT&CK’s open-source tool enables both security vendors and customers to work toward improving their detection and prevention methods. Best of all, ATT&CK provides a standard, easy-to-understand language that can be consumed in bite-size chunks. It enables practitioners to explain complex concepts to management and customers by relating the security risks to the business.