
MITRE ATT&CK

A Simplified Overview of the MITRE ATT&CK Framework

Have you ever wondered how threat actors actually operate when they attempt to breach a system: the methods, tactics, and strategies they use, and how those pieces come together in a successful attack? Launching an intrusion is only the start. Adversaries also need ways to stay hidden inside the environment so they can operate persistently and ultimately achieve their goals.

How to Defeat MITRE ATT&CK Reconnaissance Techniques

The MITRE ATT&CK Reconnaissance tactic (TA0043) maps out how threat actors gather information about potential targets before an attack. Like the other ATT&CK tactics (Initial Access, Lateral Movement, and so on), it offers useful threat intelligence on adversary tactics, techniques, and procedures (TTPs) and a realistic approximation of what to expect if you become a target.

How does your AWS environment stand up to the MITRE ATT&CK framework?

Adopting a public cloud platform like Amazon Web Services (AWS) means taking on responsibility for securing it, and AWS is a complex and versatile platform. When problems or security incidents arise, you need a systematic approach to investigation and analysis; without one, the work quickly becomes noisy and dominated by false positives. This is where the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework can help.
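One concrete form that "systematic approach" takes is tagging each CloudTrail event with the ATT&CK tactic and technique it corresponds to, then looking at the result per principal rather than as a flat event stream. The script below is an added illustration, not code from the article or from any vendor product: the CloudTrail records are constructed sample data (the account ID is the AWS documentation placeholder), and the event-name-to-technique table is a hypothetical, hand-maintained mapping that should be checked against the current ATT&CK Enterprise (IaaS) matrix before being relied on.

```python
"""Tag constructed CloudTrail records with MITRE ATT&CK tactics/techniques and
surface principals whose activity spans several tactics (the kill-chain view
that makes a single noisy Discovery call easy to de-prioritise)."""
import json
from collections import defaultdict

# Hypothetical mapping of CloudTrail eventName -> (tactic, technique ID, technique name).
# Technique IDs are from ATT&CK Enterprise (Cloud/IaaS); verify against the live matrix.
EVENT_TO_ATTACK = {
    "ConsoleLogin":      ("Initial Access",       "T1078.004", "Valid Accounts: Cloud Accounts"),
    "CreateUser":        ("Persistence",          "T1136.003", "Create Account: Cloud Account"),
    "CreateAccessKey":   ("Persistence",          "T1098.001", "Account Manipulation: Additional Cloud Credentials"),
    "AttachUserPolicy":  ("Privilege Escalation", "T1098.003", "Account Manipulation: Additional Cloud Roles"),
    "StopLogging":       ("Defense Evasion",      "T1562.008", "Impair Defenses: Disable or Modify Cloud Logs"),
    "DeleteTrail":       ("Defense Evasion",      "T1562.008", "Impair Defenses: Disable or Modify Cloud Logs"),
    "ListUsers":         ("Discovery",            "T1087.004", "Account Discovery: Cloud Account"),
    "DescribeInstances": ("Discovery",            "T1580",     "Cloud Infrastructure Discovery"),
    "ListBuckets":       ("Discovery",            "T1619",     "Cloud Storage Object Discovery"),
    "GetObject":         ("Collection",           "T1530",     "Data from Cloud Storage"),
}

# Constructed CloudTrail export (same top-level shape as a real log file, trimmed to the fields used here).
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:11Z", "eventName": "DescribeInstances", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops-admin"}},
    {"eventTime": "2024-05-01T08:00:20Z", "eventName": "DescribeAlarms", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops-admin"}},
    {"eventTime": "2024-05-01T23:14:02Z", "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-dev"}},
    {"eventTime": "2024-05-01T23:15:40Z", "eventName": "ListUsers", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-dev"}},
    {"eventTime": "2024-05-01T23:16:05Z", "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-dev"}},
    {"eventTime": "2024-05-01T23:17:30Z", "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-dev"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T23:18:12Z", "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-dev"}},
]})


def map_events(records):
    """Attach tactic/technique to each record; unknown event names land in 'Unmapped' so gaps stay visible."""
    tagged = []
    for rec in records:
        tactic, tid, tname = EVENT_TO_ATTACK.get(rec["eventName"], ("Unmapped", None, None))
        tagged.append({
            "time": rec["eventTime"],
            "principal": rec["userIdentity"].get("arn", "?"),
            "event": rec["eventName"],
            "tactic": tactic,
            "technique": tid,
            "name": tname,
            "source_ip": rec.get("sourceIPAddress"),
            # A denied call is still an attempt at the technique; keep it rather than dropping it.
            "error": rec.get("errorCode"),
        })
    return tagged


def coverage_by_tactic(tagged):
    """Group events as tactic -> principal -> [technique IDs], i.e. the ATT&CK view of the log."""
    by_tactic = defaultdict(lambda: defaultdict(list))
    for t in tagged:
        by_tactic[t["tactic"]][t["principal"]].append(t["technique"] or t["event"])
    return {tactic: dict(principals) for tactic, principals in by_tactic.items()}


def flag_suspicious_principals(tagged, min_tactics=3):
    """Escalate principals whose mapped activity spans at least `min_tactics` distinct tactics.

    One Discovery call from an operator is routine; the same identity moving from
    Initial Access through Persistence into Defense Evasion and Collection is not.
    """
    tactics = defaultdict(set)
    for t in tagged:
        if t["tactic"] != "Unmapped":
            tactics[t["principal"]].add(t["tactic"])
    return sorted(p for p, seen in tactics.items() if len(seen) >= min_tactics)


def analyze(raw_json=SAMPLE_CLOUDTRAIL):
    """Run the pipeline over a CloudTrail export and return (coverage, flagged principals)."""
    tagged = map_events(json.loads(raw_json)["Records"])
    return coverage_by_tactic(tagged), flag_suspicious_principals(tagged)


if __name__ == "__main__":
    coverage, flagged = analyze()
    print(json.dumps(coverage, indent=2))
    print("escalate:", flagged)
```

Two design points are worth keeping when adapting this to a real environment: leave the `Unmapped` bucket in the output, because the events you have no mapping for are exactly the coverage gaps an assessment against ATT&CK is meant to reveal, and keep denied calls (`errorCode` set) in the analysis, since a blocked `StopLogging` attempt is a stronger signal than a successful `DescribeInstances`.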

Enhance your cloud security with MITRE ATT&CK and Sumo Logic Cloud SIEM

As cloud applications and services gain prominence amongst organizations, adversaries are evolving their toolsets to target these cloud environments. The surge in remote work and teleconferencing presents unprecedented opportunities for malicious activity. Enter the MITRE ATT&CK Framework, usually presented as the MITRE ATT&CK Matrix: a treasure trove for defending cloud and on-premises infrastructure against the newest adversary tactics, techniques, and procedures (TTPs).

CrowdStrike MITRE Engenuity ATT&CK Evaluations Round 5

The CrowdStrike Falcon platform achieved 100% protection, 100% visibility and 100% analytic detection across all steps in the MITRE Engenuity ATT&CK Evaluations: Enterprise. During the evaluation, the CrowdStrike platform shut down advanced attacks by leveraging innovative capabilities including memory scanning, machine learning, industry-leading XDR, identity protection, and sandboxing, all delivered through a unified cloud-native platform.

How the MITRE ATT&CK Framework Helps CISOs Communicate Risk to Stakeholders

Picture this: Your CEO comes into your office and asks, “What’s our security posture, and where’s our greatest area of risk? I’m particularly worried about this new emerging threat group. What defenses or detections do we have around that?” You: “…” Enter the MITRE ATT&CK® framework and Devo’s MITRE ATT&CK Adviser app—built to help you tell the business where your risks are and what it would take to address them.

Threat Informed Defense: Making ATT&CK Your Own

The MITRE ATT&CK framework is one of the most commonly used resources within the SafeBreach platform. At SafeBreach’s 2023 Validate Summit—an event that brings security experts together to discuss challenges and best practices in proactive cybersecurity—SafeBreach Co-Founder and CTO Itzik Kotler sat down with Frank Duff, the Chief Innovation Officer at Tidal Cyber, to discuss threat informed defense and MITRE ATT&CK.

Leveraging BAS and MITRE ATT&CK for Threat-Informed Defense

In a recent blog, we covered the basics of breach and attack simulation (BAS) and MITRE ATT&CK, including the challenges security teams often face when attempting to utilize the ATT&CK framework and how BAS can help. Now, it’s time to get more specific. In this installment of our latest series, we’ll discuss the ways organizations typically leverage BAS and MITRE ATT&CK for threat-informed defense.

What does MITRE Evaluation mean for you?

The MITRE Engenuity ATT&CK Evaluations emulate well-known threat groups, with scenarios built from publicly available threat intelligence. The evaluations do not rank vendors or their solutions; instead, organizations should use the results to determine which solutions best address their cybersecurity gaps, complement their existing protections (network security products, existing endpoint protection solutions, and so on), and fit their business needs. Each evaluation comprises two tests: a detection evaluation and a prevention evaluation.