Attackers have been targeting digital systems for as long as such systems have existed, using whatever attack vectors were available at the time. Early attacks used simple, easily understood methods because the systems they targeted were themselves small and simple. As digital systems have grown into large, complex structures, attacks have kept pace, using advanced methods that are harder to understand and therefore harder to detect. Today, fully understanding an attack requires modelling its steps and details in a form that the people who need it (analysts, engineers, management) can work with and share. One of the most important frameworks that meets this need is MITRE ATT&CK.

This training covers the MITRE ATT&CK Framework, an important resource for SOC analysts. It is an entry-level training that consists mainly of theoretical knowledge. By the end of it, SOC candidates should have a thorough understanding of the MITRE ATT&CK Framework; it is recommended to work through every topic in order without skipping any part.

What is MITRE?

MITRE is a not-for-profit organization founded in 1958 in the USA. It acts as an independent adviser, producing solutions intended to advance national security and serve the public interest. MITRE's areas of work include Cybersecurity, Aerospace, AI & Machine Learning, Aviation & Transportation, Defense & Intelligence, Government Innovation, Health, Homeland Security, and Telecom.

(Image Source: mitre.org)

What is MITRE ATT&CK Framework?

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base of adversary behaviour built from real-world observations of intrusions. MITRE began developing it in 2013 and released it publicly in 2015, and it has been expanded continuously since, both with new techniques as attacker tradecraft changes and with coverage of new platforms (Enterprise, Mobile, ICS). The framework makes it possible to analyse a cyber attack systematically by breaking it down into the adversary's goals (tactics) and the concrete ways those goals are achieved (techniques). Each of these can be studied in depth and applied directly to defensive work. ATT&CK has become an essential shared vocabulary for cybersecurity professionals.

(Image Source: mitre.org)

Why is the MITRE ATT&CK Framework important to SOC Analysts?

The MITRE ATT&CK Framework describes each step of an attack in detail, so a SOC analyst can look up what an adversary typically does at a given stage and what evidence that activity leaves behind. Each technique entry also lists mitigations and detection guidance, which supports more effective detection and mitigation, mapping of observed activity onto a common vocabulary, detailed reporting, and archiving of attack details in a form that can be compared across incidents. Because the framework also records how known adversary groups chain techniques together, it supports research into attacks an organization has not yet faced, so that preventive measures and detection methods can be prepared in advance.
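The mapping and reporting described above is something a SOC normally automates: every detection rule is tagged with the technique IDs it covers, and those tags are resolved against the ATT&CK data to see which tactics are covered and which are not. The example below is added here and is not part of the original course or of MITRE's own tooling. The bundle it reads is a constructed, heavily abbreviated fragment that follows the shape of MITRE's public STIX bundle (enterprise-attack.json in the mitre/cti repository: attack-pattern objects with a mitre-attack external_id and kill_chain_phases, x-mitre-tactic objects with a shortname); the technique IDs and names are real ATT&CK entries, the detection rules are made up for the example.

```python
"""Map tagged detection rules to ATT&CK techniques and tactics and summarise coverage.

Added example (not from the course). The bundle below is a constructed fragment
that mirrors the shape of MITRE's public enterprise-attack.json; only the fields
this script reads are kept. Technique IDs and names are real ATT&CK entries.
"""
from collections import defaultdict


def attack_pattern(tid, name, tactics, revoked=False):
    """Build one STIX attack-pattern object in the shape enterprise-attack.json uses."""
    return {
        "type": "attack-pattern",
        "name": name,
        "revoked": revoked,
        "x_mitre_is_subtechnique": "." in tid,
        "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        "kill_chain_phases": [
            {"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics
        ],
    }


def tactic(shortname):
    """Build one STIX x-mitre-tactic object (only the field we read)."""
    return {"type": "x-mitre-tactic", "x_mitre_shortname": shortname}


# Constructed fragment shaped like the public bundle; the real file has thousands
# of objects (techniques, tactics, groups, software, relationships).
ATTACK_BUNDLE = {
    "type": "bundle",
    "objects": [
        tactic("initial-access"), tactic("execution"), tactic("persistence"),
        tactic("privilege-escalation"), tactic("defense-evasion"),
        tactic("credential-access"), tactic("lateral-movement"), tactic("impact"),
        attack_pattern("T1566.001", "Spearphishing Attachment", ["initial-access"]),
        attack_pattern("T1059.001", "PowerShell", ["execution"]),
        attack_pattern("T1003.001", "LSASS Memory", ["credential-access"]),
        attack_pattern("T1021.001", "Remote Desktop Protocol", ["lateral-movement"]),
        attack_pattern("T1078", "Valid Accounts",
                       ["defense-evasion", "persistence", "privilege-escalation", "initial-access"]),
        attack_pattern("T1486", "Data Encrypted for Impact", ["impact"]),
        # T1086 was revoked when PowerShell became sub-technique T1059.001.
        attack_pattern("T1086", "PowerShell", ["execution"], revoked=True),
    ],
}

# Constructed detection rules: rule name -> technique IDs the rule is tagged with.
DETECTION_RULES = {
    "Encoded PowerShell command line": ["T1059.001"],
    "Office application spawns script interpreter": ["T1566.001", "T1059.001"],
    "LSASS handle opened by non-system process": ["T1003.001"],
    "RDP logon to server from workstation account": ["T1021.001", "T1078"],
    "Legacy: PowerShell execution": ["T1086"],   # tagged with a revoked ID
    "Typo in tagging": ["T9999"],                # tagged with an unknown ID
}


def index_techniques(bundle):
    """Map technique ID -> {name, tactics, revoked} from the bundle's attack-patterns."""
    index = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        tid = next(r["external_id"] for r in obj["external_references"]
                   if r["source_name"] == "mitre-attack")
        index[tid] = {
            "name": obj["name"],
            "tactics": [p["phase_name"] for p in obj.get("kill_chain_phases", [])],
            "revoked": obj.get("revoked", False) or obj.get("x_mitre_deprecated", False),
        }
    return index


def coverage_report(bundle, rules):
    """Return covered techniques per tactic, tactics with no rule at all, and tagging problems."""
    index = index_techniques(bundle)
    all_tactics = sorted(o["x_mitre_shortname"] for o in bundle["objects"]
                         if o.get("type") == "x-mitre-tactic")
    by_tactic = defaultdict(set)
    problems = []
    for rule, tids in rules.items():
        for tid in tids:
            if tid not in index:
                problems.append((rule, tid, "unknown technique ID"))
            elif index[tid]["revoked"]:
                problems.append((rule, tid, "revoked/deprecated technique ID"))
            else:
                for t in index[tid]["tactics"]:
                    by_tactic[t].add(tid)
    return {
        "by_tactic": {t: sorted(by_tactic[t]) for t in all_tactics if by_tactic[t]},
        "uncovered_tactics": [t for t in all_tactics if not by_tactic[t]],
        "problems": problems,
    }


if __name__ == "__main__":
    report = coverage_report(ATTACK_BUNDLE, DETECTION_RULES)
    for t, tids in report["by_tactic"].items():
        print(f"{t:22} {', '.join(tids)}")
    print("uncovered tactics:", ", ".join(report["uncovered_tactics"]))
    for rule, tid, why in report["problems"]:
        print(f"fix tagging: {rule!r} -> {tid} ({why})")
```

Two caveats a practitioner should keep in mind when reading such a report. A technique that belongs to several tactics (T1078 Valid Accounts above) lights up every one of them with a single rule, and one rule per technique says nothing about how well that technique is actually detected, so "covered" here means "at least one rule is tagged", not "we would catch this". The revoked and unknown ID checks matter because ATT&CK is revised regularly and rule tags drift; rules tagged with stale IDs silently drop out of coverage unless they are flagged.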

In this part of the training, we have covered what MITRE is, what the MITRE ATT&CK Framework is, and its importance for SOC Analysts. We will cover the topic "Matrix" in the next chapter of our training.

Questions

In what year was MITRE founded? 1958

In what year did development of the MITRE ATT&CK Framework start? 2013