Read about a different threat hunting technique using the MITRE ATT&CK model.
Register for an interactive and self-guided tour of Cognito Detect.
Learn why you should use the MITRE ATT&CK framework for threat hunting.
To catch a thief, you must think like a thief.
ATT&CK takes the perspective of the adversary
The MITRE ATT&CK framework takes the perspective of the adversary, so defenders can more easily follow an adversary’s motivation for individual actions and understand how those actions and dependencies relate to specific classes of defenses.
The network never lies
Attackers use Power Automate to exfiltrate sensitive data to other cloud services that look benign
NDR provides coverage
Misconfigurations in cloud software, infrastructure, and platforms are easy entry for attacks
"By associating your threat hunts with known threat actor objectives, techniques and tactics, you’ll begin to think of threat hunting not as a singular activity but rather in the of how an attacker may achieve that objective within your environment."
Matt Bromiley
Certified instructor
SANS
Cognito Detect from Vectra is the fastest, most efficient way to find and stop cyberattacks in public clouds, private data centers and enterprise environments.
It uses artificial intelligence to deliver real-time attack visibility and put attack details at your fingertips.
Cognito Detect covers 97% of the network techniques identified by the MITRE ATT&CK model, which indirectly exposes techniques that attackers use to compromise endpoints.