Photo by Artem Bryzgalov on Unsplash

Attack and defense techniques

Cybersecurity Know-How

Article from ADMIN 67/2022
By
The MITRE ATT&CK and D3FEND knowledge databases provide useful techniques for securing your IT infrastructure.

IT security affects many different areas of a company. Trying to identify possible attack vectors for each area in advance and protect the IT infrastructure with effective countermeasures can be a Sisyphean task, especially for companies without a Security Operations Center (SOC). When it comes to implementing security measures, knowledge and experience are important.

MITRE, a nonprofit organization that operates various research facilities on behalf of the U.S. government, provides comprehensive information on IT security. MITRE developed the CVE system for identifying vulnerabilities and assigning them unique identifiers, and also developed STIX and CybOX, which are used to exchange threat information and attack indicators.

The MITRE ATT&CK and D3FEND knowledge databases offer techniques that let you retrace an attacker's steps, as well as prevent attacks in the first place. Here's how to use these techniques to secure your enterprise IT.

ATT&CK

Released to the public in 2015, MITRE's ATT&CK framework provides a knowledge database of attack techniques and methods enriched with details about hacker groups and their individual procedures. For an initial overview of the knowledge base, visit the ATT&CK website [1] and select Matrices in the top menubar. In the sidebar on the left, the ATT&CK dataset is broken down by Enterprise (enterprise IT), Mobile (smartphones), and ICS (industrial control systems). Both Enterprise and Mobile are directly integrated into the interface, while ICS currently still links to a wiki with more information.

The matrices, sorted chronologically, are based on Lockheed Martin's Cyber Kill Chain [2]. For the Enterprise Matrix, you'll find preparatory techniques in the

...