How to use it? @ Threat Zone — Mitre Attack

How to use it? @ Threat Zone — Mitre Attack

What is a Mitre Attack?

MITRE ATT&CK® is a global, constantly updated knowledge base of known state-sponsored and criminal groups, as well as the tactics, techniques, and procedures they employ.

It enables public and private organizations to prioritize detection around the most persistent threats and threat groups.

Why is it important?

Instead of rating vendor capabilities, MITRE’s approach focuses on explaining how detections happen. Each detection and capture is categorized by MITRE.

Then, detections are categorized into each technique. If the capability detects the technique in multiple ways and includes the detections they notice in the results, a technique may have more than one detection.

Despite MITRE’s best efforts, it’s possible that vendors’ capabilities will be able to detect processes in ways that MITRE did not.

When do we need to use it?

MITRE ATT&CK provides a knowledge base of adversary behavior intelligence by providing a common, standardized “language” through which security personnel can understand and even predict adversary behaviors.

They can then take action to defend and prevent an attack on the enterprise.

Aids in Risk Assessment:

Red teamers and cyber defenders can understand adversaries, classify attacks, and assess and strengthen the risk posture of their organization.

Improve Detection of Post-Compromise

The framework depicts the actions that an attacker may have taken to attack the organization, allowing security teams to take immediate and relevant action to mitigate the damage.

Helps with Threat Hunting:

Threat hunters can understand the various adversary techniques, hunt for threats proactively, and assess the visibility of their environment against targeted attacks.

How do I use it at Threat.Zone?

Mitre Attack techniques and explanations used in the file can be found in the Dynamic Scan Report of the file you’re looking at in Threat Zone.

To see an amazing malware sandbox 👉

Follow us on Twitter and Linkedin 👇