Alessandra Peters

06/07/2022

Automating the MITRE ATT&CK Framework

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Actionable intelligence through automation

The MITRE ATT&CK Framework does a fantastic job of explaining adversary tactics and techniques in detail, giving the industry a better grasp on attacker behaviour and intentions. But to make this information actionable at scale, organisations need a method of understanding and modelling behaviour across their entire digital estate. 

Manually mapping the behaviour of every event, log, or alert in your environment to the MITRE ATT&CK framework is unthinkable. It would be an arduous task, prone to mistakes, and it would be difficult to glean actionable intelligence from the result.

Automation, however, can transform the lives of security professionals. A system that can understand and distinguish between malicious and benign activity across the whole organisation brings many further benefits. We are now at a point where security professionals can rely on the automation of detection, classification, investigation, and response.

From inception, Senseon integrated the MITRE ATT&CK framework into its automated threat detection, investigation, and response platform. The Senseon team were keen to further empower security professionals by arming them with the context to better understand their environments and attacker behaviour. 

Within the Investigate view, the Threat Techniques widget shows a natural language description of each technique from the MITRE ATT&CK framework. Cases with several security observations are likely to involve several different techniques. As an analyst clicks through the various stages of an attack, they can see how each security observation relates to the techniques that attackers deploy, which helps to explain the narrative of attacker behaviour. Analysts can click directly through to the MITRE ATT&CK website to find out more about each technique.
