MITRE ATT&CK for Enterprise

  • Automatically detect and triage 85% of network tactics identified in the MITRE ATT&CK framework.
  • Real-time analysis of threat behaviors in all network traffic – endpoints, servers, virtual workloads and the cloud.
  • Network-wide attacker detection is the most reliable and conclusive way to identify the highest-risk threats.
  • Goes well beyond the ATT&CK framework to detect attackers that encrypt their communication in hidden tunnels.

The MITRE Enterprise Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a curated knowledge base and model for cyber-adversary behavior that reflects the various phases of the attack lifecycle and the platforms attackers are known to target.

The ATT&CK behavior model provides a way to classify attacks in a clear, consistent manner, making it easier for security professionals to determine how an adversary exploited their endpoints and penetrated their networks.

ATT&CK takes the perspective of the adversary, so defenders can more easily follow an adversary’s motivation for individual actions and understand how those actions and their dependencies relate to specific classes of defenses.

The ATT&CK model describes tactics, which represent the “why” of the attack. Tactics are the short-term adversary goals during an attack. The model also defines the techniques, or how adversaries achieve their tactical goals. Enterprise ATT&CK includes techniques across Windows, Linux and Mac.

The ATT&CK model can be used for red team exercises as well as to create scenarios that emulate adversaries to test and verify defenses. It provides a valuable way for organizations to assess the maturity of their security operations center (SOC). Security teams can use the framework to validate their defenses against common attack vectors and identify defensive gaps so they can continuously advance their strategies.

ATT&CK also serves as a common language for describing the chain of events in an intrusion, which is very useful when working with security consultants and vendors.

Vectra validated Cognito Detect against the MITRE Enterprise ATT&CK model in a live enterprise environment to determine overall alignment. Cognito Detect covers 57 of the 67 (85%) network techniques identified by the ATT&CK model, which indirectly exposes techniques that attackers use to compromise endpoints.

Get the MITRE ATT&CK compliance brief

Other standards Vectra Cognito helps with

National Institute of Standards and Technology (NIST)

  • Network metadata is analyzed by behavioral algorithms to detect threats in real time.
  • Nonstop attacker detection in all cloud/data center workloads and user/IoT devices.
  • Detect and prioritize cyberattacks and trigger real-time notifications to security teams.
  • Consistent reporting of threat detections, causes, business impacts, and steps to verify.

Get the NIST compliance brief

General Data Protection Regulation (GDPR)

  • Augment data handling standards by detecting unauthorized access of personal information.
  • Early detection of hidden cyberattacker behaviors that evade security defenses.
  • Meet the 72-hour notification timeframe using rich context about cyberattacks and a forensic trail of evidence.
  • Monitor nonstop all cloud/data center workloads and user/IoT devices for impact assessment.

Get the GDPR compliance brief

Federal Financial Institutions Examination Council (FFIEC)

  • Prioritize and correlate the highest-risk threats with compromised in-scope assets.
  • Early detection of ransomware, other malware variants and hidden attacker behaviors.
  • Real-time detection of suspicious use of admin credentials and data from key in-scope assets.
  • Nonstop detection of attack behaviors in all cloud/data center workloads and user/IoT devices.

Get the FFIEC compliance brief