Whitepaper

SANS – Contextualizing the MITRE ATT&CK® Framework

Think of ATT&CK as a dictionary and keep in mind that the context of how & when techniques are used is equally important to effective testing

You cannot ask your security team to simply test for credential harvesting or lateral movement without providing context for the technique.

By understanding how ATT&CK adds context to your interpretation of threat intelligence and threat actors, you will find your team better equipped to test relevant security controls.

In this whitepaper, we will examine how to use ATT&CK to read a threat intelligence report and show you how to bring that knowledge into your environment to test your defenses.

Book a Demo