Understanding Cybersecurity Attacks

Implement Better Defenses with MITRE ATT&CK

Sara Sheon
6 min read · Feb 12, 2023

Introduction:

MITRE ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge. It is a knowledge base of attack tactics and techniques that can be used to form threat models for the public or private sectors. ATT&CK is commonly used for detections, threat intelligence, adversary emulation (red teaming), and assessment.

Throughout the MITRE ATT&CK Framework, we’ll hear the term “adversary.” An adversary is an opponent or enemy. Typically, the adversary is Red Team, but the Blue Team can use MITRE ATT&CK to detect, mitigate, and understand attacks.

Since I’m primarily blue team, we’ll assume someone is trying to attack our enterprise.

Tactic vs Technique:

  • Tactic: What the attacker is trying to achieve — overall goal.
  • Technique: What the attacker does to achieve the tactic — actions taken to achieve goal.
