CISA Releases Guide for Maximizing Use of Mitre ATT&CK
The Cybersecurity and Infrastructure Security Agency has released guidance for the effective use of Mitre ATT&CK, described as a framework for assessing cybersecurity risks and prioritizing threats.
ATT&CK offers a repository of adversary information that analysts can use to mitigate cyberattacks by understanding how the enemy operates, Mitre said Wednesday.
In its own press release, CISA said ATT&CK has documented more than a hundred threat actor groups as well as the techniques and software they are known to use.
CISA partnered with the Mitre-operated Homeland Security Systems Engineering and Development Institute to develop its “Best Practices for MITRE ATT&CK Mapping” guide, which was designed to help network defenders make better use of the framework for analyzing and reporting threats.
The guide includes example uses and step-by-step instructions covering adversary threat levels, technology domains, ATT&CK mapping and the integration of raw data, among other topics.
Mitre cited a report by the University of California, Berkeley's Center for Long-Term Cybersecurity showing that the majority of enterprises using ATT&CK fail to take full advantage of it.
“A better understanding of ATT&CK can help people focus on watching for adversary behavior as they defend their networks, rather than just searching for indications of compromise,” said John Wunder, cybersecurity operations principal at HSSEDI.
HSSEDI is a federally funded research and development center that provides independent technical and systems engineering expertise to homeland security agencies, DHS said.
Eric Goldstein, executive assistant director for cybersecurity at CISA, said the agency plans to explore more opportunities to partner with HSSEDI and other members of the cybersecurity community.