What is the MITRE ATT&CK Framework?
The MITRE ATT&CK Framework is a comprehensive matrix of cyber adversary tactics and techniques designed to give defenders, threat hunters, and red teams a common understanding of the attacks they encounter every day. It helps identify, attribute, and even defend against threat actors. It has truly become the de facto model used by cybersecurity teams across the globe.
While the MITRE ATT&CK Framework empowers and informs organizations through a better understanding of the threat landscape, it also provides security teams a means to measure their own security programs and tools, both operational and strategic, to better recognize gaps and vulnerabilities. This enables them to enrich and mature their programs to create more manageable attack surfaces and better-defined risk postures.
“Even as the MITRE ATT&CK Framework has proven incredibly effective, it’s continuously updated by diligent researchers,” notes Will Gragido, head of the NetWitness FirstWatch Threat Research and Intelligence team. “Its popularity and adoption rate show no signs of slowing — a real testament to its thoughtful design and genuine actionability.”
NetWitness FirstWatch Maps Threat Intelligence Content to the MITRE ATT&CK Framework
The NetWitness FirstWatch team constantly researches the cyber threat landscape and produces threat intelligence work products that include machine-readable detection content, blogs, and white papers. The team maps everything it produces against the MITRE ATT&CK Framework to bring NetWitness customers and the broader market a comprehensive and easy-to-understand alignment of its content across the entire NetWitness XDR platform, including NDR, SIEM, and EDR product offerings.
“We continually mature our capabilities to provide quality-driven, actionable threat intelligence content for our customers,” says Tod Ewasko, NetWitness Chief Product Officer.
Why Mapping to the Framework Matters
Alignment to the MITRE ATT&CK Framework is increasingly important as organizations and security teams utilize the near-universally adopted knowledge base to better manage their cyber risk and to inform their post-incident strategy for detection and investigation. NetWitness customers can benefit from:
- Reduced complexity and improved usability. Mapping to the framework makes it easier for analysts, especially junior teams, to readily access and understand NetWitness content so they can help support, protect, and defend their environment.
- Greater efficiency, streamlined processes, and better communication. The framework helps the SOC predictably and consistently understand activity in their environment in the context of a widely accepted definition set, which improves communication and creates a consistent nomenclature for both technical and non-technical teams to understand.
- Deeper coverage from NetWitness. Alignment to the MITRE ATT&CK Framework lets our users easily map machine-readable threat intelligence to a trusted resource to identify threats. Our FirstWatch team is committed to ongoing updates and enhancements to our mapping to drive value for our customers.
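The gap-finding use of a mapping that the two sections above describe (tagging each piece of detection content with the ATT&CK technique it covers, then checking that set against the techniques a threat is known to use) can be shown concretely. The script below is an added example, not NetWitness FirstWatch code or the NetWitness mapping; the rule names, the threat profile and the small technique table are constructed for illustration, and a real analysis would load the full ATT&CK knowledge base from MITRE's published STIX data rather than this subset.

```python
"""
Coverage-gap analysis for detection content mapped to MITRE ATT&CK.

Each detection rule carries the ATT&CK technique IDs it addresses. The
functions below validate those tags against the knowledge base (so every
team talks about the same identifiers), summarise coverage per tactic,
and list the techniques in a threat profile that no rule covers.
"""
from collections import defaultdict

# Constructed subset of ATT&CK Enterprise techniques: ID -> (name, tactic).
# Only single-tactic techniques are used here to keep the table unambiguous;
# production code should load the full STIX bundle published by MITRE.
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1562": ("Impair Defenses", "Defense Evasion"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1071": ("Application Layer Protocol", "Command and Control"),
    "T1105": ("Ingress Tool Transfer", "Command and Control"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Constructed detection content, already tagged with technique IDs
# (hypothetical rule names, not real NetWitness content).
RULES = [
    {"name": "Phishing attachment with embedded macro", "techniques": ["T1566"]},
    {"name": "Encoded PowerShell command line", "techniques": ["T1059"]},
    {"name": "LSASS memory read by non-system process", "techniques": ["T1003"]},
    {"name": "Periodic HTTP beacon to rare domain", "techniques": ["T1071"]},
    {"name": "Mass file rename with ransom-note extension", "techniques": ["T1486"]},
]

# Constructed threat profile: techniques observed in a ransomware-style chain.
RANSOMWARE_PROFILE = ["T1566", "T1059", "T1003", "T1021", "T1105", "T1486", "T1041"]


def validate_rules(rules, techniques=TECHNIQUES):
    """Reject tags that are not ATT&CK IDs in the knowledge base.

    This is the 'consistent nomenclature' check: a typo or a made-up ID
    silently inflates coverage numbers, so it is treated as an error.
    """
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in techniques:
                raise ValueError(f"rule {rule['name']!r} references unknown technique {tid}")
    return True


def covered_techniques(rules):
    """Return the set of technique IDs that at least one rule addresses."""
    return {tid for rule in rules for tid in rule["techniques"]}


def coverage_by_tactic(rules, techniques=TECHNIQUES):
    """Map each tactic to the covered technique IDs under it (sorted)."""
    covered = covered_techniques(rules)
    by_tactic = defaultdict(list)
    for tid, (_, tactic) in techniques.items():
        if tid in covered:
            by_tactic[tactic].append(tid)
    return {tactic: sorted(ids) for tactic, ids in by_tactic.items()}


def gaps(profile, rules):
    """Technique IDs the profile uses that no rule covers, sorted."""
    return sorted(set(profile) - covered_techniques(rules))


def coverage_ratio(profile, rules):
    """Fraction of the profile's techniques that have at least one rule."""
    return 1.0 - len(gaps(profile, rules)) / len(set(profile))


def report(profile, rules, techniques=TECHNIQUES):
    """Human-readable gap report as a list of lines."""
    lines = [f"Coverage: {coverage_ratio(profile, rules):.0%} of profile techniques"]
    for tid in gaps(profile, rules):
        name, tactic = techniques[tid]
        lines.append(f"GAP  {tid} {name} [{tactic}]")
    return lines


if __name__ == "__main__":
    validate_rules(RULES)
    for tactic, ids in coverage_by_tactic(RULES).items():
        print(f"{tactic:<20} {', '.join(ids)}")
    print("\n".join(report(RANSOMWARE_PROFILE, RULES)))
```

Run as-is, the report shows that the constructed rule set covers the phishing, execution, credential-dumping and encryption stages of the profile but has no content for lateral movement, tool transfer or exfiltration; those are the rows a team would prioritise when extending its detection content.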
Where to Find the NetWitness MITRE ATT&CK Content Mapping
Real-time mapping of NetWitness content against the MITRE ATT&CK Framework can be found here. Use it to locate and understand valuable NetWitness content for a variety of use cases, and to lower the complexity barrier to threat detection for less experienced users without diminishing value for more senior users.