Analyzing Gaps in Detection Coverage with MITRE ATT&CK
About MITRE ATT&CK
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Unlike prior work in this area, the focus isn’t on the tools and malware that adversaries use but on how they interact with systems during an operation.
ATT&CK organizes these techniques into a set of tactics to help explain to provide context for the technique. Each technique includes information that’s relevant to both a red team or penetration tester for understanding the nature of how a technique works and also to a defender for understanding the context surrounding events or artifacts generated by a technique in use.
Objective of the assessment
Benefits of the assessment
By conducting MITRE ATT&CK based assessment, your organisation can achieve the following results
Deliverables
ATT&CK Matrix
The relationship between tactics and techniques can be visualized in the ATT&CK Matrix. The ATT&CK Matrix is probably the most widely recognizable aspect of ATT&CK because it’s commonly used to show things like defensive coverage of an environment, detection capabilities in security products, and results of an incident or red team engagement.
Value added report
The results of the assessment will be presented in the MITRE ATT&CK matrix with RAG statuses (Red [not covered by the current sources/solutions], Amber [partially covered by the current sources/solutions], Green [covered by the current sources/solutions].) enriched by short explanations in Microsoft Excel format.
