Automatically detect and triage 85% of the network techniques identified in the MITRE ATT&CK framework.
Real-time analysis of threat behaviors in all network traffic – endpoints, servers, virtual workloads and the cloud.
Network-wide attacker detection is the most reliable and conclusive way to identify the highest-risk threats.
Goes well beyond the ATT&CK framework to detect attackers that encrypt their communication in hidden tunnels.
The MITRE Enterprise Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a curated knowledge base and model for cyber-adversary behavior that reflects the various phases of the attack lifecycle and the platforms attackers are known to target.
The ATT&CK behavior model provides a way to classify attacks in a clear, consistent manner, making it easier for security professionals to determine how an adversary exploited their endpoints and penetrated their networks.
ATT&CK takes the perspective of the adversary, so defenders can more easily follow an adversary's motivation for individual actions and understand how those actions and their dependencies relate to specific classes of defenses.
The ATT&CK model describes tactics, which represent the "why" of the attack. Tactics are the short-term goals an adversary pursues during an attack. The model also defines techniques, which describe how adversaries achieve those tactical goals. Enterprise ATT&CK includes techniques across Windows, Linux and macOS.
The ATT&CK model can be used for red team exercises as well as to create scenarios that emulate adversaries to test and verify defenses. It provides a valuable way for organizations to assess the maturity of their security operations center (SOC). Security teams can use the framework to validate their defenses against common attack vectors and identify defensive gaps so they can continuously advance their strategies.
ATT&CK also serves as a common language for describing the chain of events in an intrusion, which is very useful when working with security consultants and vendors.
Vectra validated Cognito Detect against the MITRE Enterprise ATT&CK model in a live enterprise environment to determine overall alignment. Cognito Detect covers 57 of the 67 (85%) network techniques identified in the ATT&CK model. Because these techniques are observed in network traffic, this coverage also indirectly exposes techniques that attackers use to compromise endpoints.
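The gap analysis described above (mapping detections to ATT&CK techniques, then counting what is and is not covered per tactic) is easy to make concrete. The following is an added example, not Vectra's or MITRE's code: it models the tactic-to-technique hierarchy, maps a set of detections to technique IDs, and reports uncovered techniques per tactic plus an overall coverage figure like the 57 of 67 quoted above. The tactic and technique entries are a small, constructed subset of Enterprise ATT&CK (the IDs and names are the public ones); the detection names and their technique mappings are hypothetical.

```python
"""Coverage-gap analysis of detections against an ATT&CK tactic/technique model.

Added example, not Vectra's or MITRE's code. ATTACK_MODEL is a small,
constructed subset of MITRE Enterprise ATT&CK (public IDs and names);
DETECTIONS and its technique mappings are hypothetical.
"""
from collections import defaultdict

# Constructed subset of Enterprise ATT&CK: tactic -> {technique ID: name}.
ATTACK_MODEL = {
    "Discovery": {
        "T1046": "Network Service Discovery",
        "T1018": "Remote System Discovery",
    },
    "Lateral Movement": {
        "T1021": "Remote Services",
        "T1210": "Exploitation of Remote Services",
    },
    "Command and Control": {
        "T1071": "Application Layer Protocol",
        "T1572": "Protocol Tunneling",
        "T1573": "Encrypted Channel",
    },
    "Exfiltration": {
        "T1048": "Exfiltration Over Alternative Protocol",
        "T1041": "Exfiltration Over C2 Channel",
    },
    "Credential Access": {
        "T1110": "Brute Force",
    },
}

# Hypothetical detections, each tagged with the technique IDs it observes.
DETECTIONS = {
    "port-sweep": ["T1046"],
    "rdp-recon": ["T1021", "T1018"],
    "hidden-https-tunnel": ["T1572", "T1071"],
    "smash-and-grab-exfil": ["T1048"],
    "kerberos-brute-force": ["T1110"],
}


def technique_coverage(model, detections):
    """Return ({technique_id: sorted detection names}, sorted unknown IDs).

    Every technique in the model appears in the dict; an empty list is a gap.
    A technique may sit under several tactics in ATT&CK, so techniques are
    collected into one set first. IDs referenced by a detection but absent
    from the model are returned separately so a typo cannot silently inflate
    the coverage figure.
    """
    all_techniques = {tid for techs in model.values() for tid in techs}
    hits = defaultdict(list)
    unknown = set()
    for name, tids in detections.items():
        for tid in tids:
            if tid in all_techniques:
                hits[tid].append(name)
            else:
                unknown.add(tid)
    coverage = {tid: sorted(hits.get(tid, [])) for tid in sorted(all_techniques)}
    return coverage, sorted(unknown)


def tactic_report(model, detections):
    """Per tactic: (covered count, total count, sorted uncovered technique IDs)."""
    coverage, _ = technique_coverage(model, detections)
    report = {}
    for tactic, techs in model.items():
        uncovered = sorted(tid for tid in techs if not coverage[tid])
        report[tactic] = (len(techs) - len(uncovered), len(techs), uncovered)
    return report


def overall_coverage(model, detections):
    """Return (covered techniques, total techniques, whole-number percent)."""
    coverage, _ = technique_coverage(model, detections)
    total = len(coverage)
    covered = sum(1 for names in coverage.values() if names)
    percent = round(100 * covered / total) if total else 0
    return covered, total, percent


if __name__ == "__main__":
    covered, total, percent = overall_coverage(ATTACK_MODEL, DETECTIONS)
    print(f"Overall: {covered} of {total} techniques ({percent}%)")
    for tactic, (c, t, gaps) in tactic_report(ATTACK_MODEL, DETECTIONS).items():
        names = ", ".join(f"{g} {ATTACK_MODEL[tactic][g]}" for g in gaps) or "none"
        print(f"{tactic}: {c}/{t} covered; gaps: {names}")
```

Run against the constructed data this reports 7 of 10 techniques (70%), with T1210, T1573 and T1041 as the gaps. Swapping in a real export of your detection-to-technique mapping and the full Enterprise matrix gives the per-tactic view a SOC would use to prioritise which uncovered techniques to address first.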