MITRE Framework
BSides:Munich 2022 – Marcus Osterloh’s ‘Measuring Cyber Defense With The MITRE Framework’
Our thanks to BSides Munich for publishing their Presenter’s BSides:Munich 2022 outstanding security videos on the organization’s’ YouTube channel. Permalink ...
5 Things to Do with MITRE ATT&CK – Tips and Tricks Special
MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns. The original impetus for the project ...
MITRE ATT&CK July 2020 Update: Sub-Techniques!
The highly anticipated structural update to the MITRE ATT&CK framework was released July 8th, 2020. After a quiet first half of the year, it appears the ATT&CK team has been putting in ...
MITRE Releases an Update to The Common Weakness Enumeration (CWE)
MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source ...
Podcast Episode 3: How the MITRE ATT&CK Framework Can Improve Your Defenses
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim ...
The MITRE ATT&CK Framework: Impact
Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may ...
Introducing the New MITRE ATT&CK Framework for Industrial Control Systems
On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility ...
MITRE ATT&CK October Update: Extending to the Cloud
MITRE’s ATT&CK framework is ever evolving. The latest October update extends enterprise coverage to the cloud and adds a considerable list of cloud-specific adversarial techniques. The cloud has seen phenomenal growth over ...
ATT&CK Structure Part II: From Taxonomy to Ontology
In Part I, I described some structural problems in MITRE’s ATT&CK adversarial behavior framework. We looked at a couple of examples of techniques that vary greatly in terms of abstraction as well ...
ATT&CK Structure Part I: A Taxonomy of Adversarial Behavior
Following last year’s exceedingly successful inaugural MITRE ATT&CK™ conference, this year’s highly anticipated ATT&CKcon 2.0 conference will be held from Oct 28-30 at MITRE’s McLean headquarters. MITRE’s always open to hearing feedback ...