Jen Burns, lead cybersecurity engineer at MITRE, walks us through the MITRE ATT&CK© Framework and discusses some important changes brought by a July 2020 update. She then highlights what the security community can expect to see in a couple of upcoming updates before sharing how individuals can get involved with the MITRE ATT&CK Framework going forward.


Spotify: https://open.spotify.com/episode/2wfxjcCM7Mh3pSLKxO4eBS
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3


Tim Erlin: Welcome to the Tripwire Cybersecurity Podcast. I’m Tim Erlin, vice president of product management and strategy at Tripwire. Today, I am joined by Jen Burns, who is a lead cybersecurity engineer at MITRE and the cloud lead for the MITRE ATT&CK Framework. Welcome, Jen.

Jen Burns: Thank you.

What Is the MITRE ATT&CK Framework?

TE: Before we get started, can you give us a brief reminder of what the ATT&CK Framework is and why MITRE created it?

JB: At its core, ATT&CK is a knowledge base of adversary behavior. It’s a framework that brings together the different things that adversaries do whether it’s before they’ve compromised the network, how they get in or what they do after they’ve gotten in.

One of the most important things about ATT&CK is that it’s based on real-world or what we call “in the wild” observation of adversaries. So, it’s not theoretical, and it doesn’t cover like everything that an adversary could do. It covers what adversaries are doing or have done in the real world. It’s also open source and globally accessible. And a lot of its content is community-driven and contributed from people like researchers, intel analysts and other folks outside of MITRE.

ATT&CK was originally developed based on this need to categorize adversary behavior within a research environment at