In our first blog post about the MITRE ATT&CK framework, we explained what it is and how it contributes to cybersecurity. In our second post about MITRE ATT&CK, we dove deeper into its features. In this third and final post, we discuss the future of the MITRE ATT&CK™ framework as we see it.
To recap: the ATT&CK framework is a MITRE-developed, globally accessible knowledge base of cyberattack strategies and techniques that have been observed and reported in the wild. The knowledge base is freely available for any organization to use and to contribute to. Researchers can also add their own findings and experience, making the platform even stronger for fending off the growing wave of cybercrime.
MITRE is constantly improving the ATT&CK framework to turn it into a one-stop knowledge base covering multiple platforms and every phase of the crimeware and cyberattack lifecycle. This means the PRE-ATT&CK phase is now also covered in technical detail within MITRE's Enterprise ATT&CK section.
As we all know, one of the tricky parts of defending against malware attacks is that the malware keeps mutating. To illustrate: the computer network of Pinehurst-based First Health of the Carolinas was shut down by a then-new variant of WannaCry in October 2017, and Bad Rabbit, a variant of the Petya ransomware, victimized organizations in Russia, Ukraine, and other countries that same month. That is why the ATT&CK™ platform keeps updating and now includes sub-techniques for describing such variations of a technique.
In short, MITRE keeps developing and improving its robust set of tools, including the ATT&CK™ Navigator (an embeddable ATT&CK matrix visualization tool) and its STIX/TAXII-based APIs. Through partnerships with industry players, combined with its feedback and governance process, ATT&CK™ is a readily available resource for relevant, useful information and tools that strengthen security posture now and in the future.
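As an added illustration (not code from the original post or from MITRE), here is how a defender can consume the STIX data served by those APIs and turn observed technique and sub-technique IDs into a Navigator layer. The STIX bundle is a constructed sample in the shape of the enterprise-attack bundle, and the layer field names assume Navigator's layer format 4.x.

```python
# Constructed sample in the shape of MITRE's enterprise-attack STIX bundle (not
# the real dataset): a technique, its sub-technique, a revoked object, and an
# unrelated non-technique object.
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--constructed-sample",
    "objects": [
        {"type": "attack-pattern", "name": "Command and Scripting Interpreter",
         "x_mitre_is_subtechnique": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
        {"type": "attack-pattern", "name": "PowerShell",
         "x_mitre_is_subtechnique": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}]},
        {"type": "attack-pattern", "name": "Retired Technique", "revoked": True,
         "x_mitre_is_subtechnique": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}]},
        {"type": "intrusion-set", "name": "Constructed Group"},
    ],
}

def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1059.001) from the 'mitre-attack' reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def technique_tree(bundle):
    """Map parent technique ID -> {"name": ..., "subs": {sub_id: sub_name}}.
    Revoked and deprecated objects are skipped so stale IDs never reach a layer."""
    tree = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = attack_id(obj)
        if not tid:
            continue
        # "T1059.001" belongs to parent "T1059"; a parent ID has no dot
        entry = tree.setdefault(tid.split(".")[0], {"name": None, "subs": {}})
        if obj.get("x_mitre_is_subtechnique"):
            entry["subs"][tid] = obj["name"]
        else:
            entry["name"] = obj["name"]
    return tree

def navigator_layer(tree, observed, name="observed techniques"):
    """Build a Navigator layer dict (layer format 4.x assumed) scoring each observed
    ID; IDs unknown to the tree are dropped rather than rendered as bogus cells."""
    known = {tid for parent, e in tree.items() for tid in (parent, *e["subs"])}
    techniques = [{"techniqueID": tid, "score": observed[tid], "showSubtechniques": True}
                  for tid in sorted(observed) if tid in known]
    return {"name": name, "domain": "enterprise-attack",
            "versions": {"layer": "4.4"}, "techniques": techniques}
```

Against the live dataset, replace `SAMPLE_BUNDLE` with the bundle fetched from the TAXII server and feed the resulting dict to `json.dump` for import into Navigator.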
The MITRE ATT&CK framework has already been utilized by organizations and vendors, and we at Cymulate predict that it will soon become an internationally recognized industry standard.
[Update Sept 20, 2022: MITRE is now also developing new techniques designed to shore up protection against supply chain attacks with the help of SBOMs (Software Bills of Materials).]
Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate’s platform.