MITRE ATT&CK® Matrix is Now Included in Lumu

The powerful MITRE ATT&CK Matrix is now integrated into the Lumu Portal, making it possible to see relevant TTPs for all detected compromises.

Attacks evolve infinitely and cybercriminals are getting more creative every day. As cybersecurity professionals, we need to be experts on the tactics, techniques, and procedures used by the attackers. Fortunately, we don’t need to reinvent the wheel and we can use frameworks that help us with this important task. 

What is MITRE ATT&CK®?

MITRE, a non-profit organization managing U.S. federal research centers, started ATT&CK® in 2013 to document the methods used by attackers to perpetrate advanced persistent threats. It is a globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. One of the reasons for the popularity of the MITRE ATT&CK is its shared language that enables clear communication among the cyber defense community about precise characteristics of a threat.

What are tactics, techniques, and procedures?

Tactics: These are the “why” of an attack, it is the goal of the attacker, for example, achieving credential access.

Techniques: These are the “how” of an attack, for example, an adversary may dump credentials to achieve credential access.

Procedures: These are the specific implementations used by the adversary. For example, using PowerShell to inject malicious code into an executable.®

The MITRE ATT&CK Matrix is automated in Lumu, allowing organizations to optimize security operations

How to Interpret the ATT&CK® Matrix

The Matrix categorizes over 200 techniques spread across 12 columns or tactics. The columns are arranged from left to right according to the order in which an attack will generally be carried out. At each stage of the attack, the adversary may use one or more of the listed techniques to carry out that tactic.

Each technique can be expanded to show its description, as well as links to additional research. Following those links will direct you to the MITRE website, where you can dive deeper into the procedures that adversaries have been observed to use in carrying out that technique, as well as notes on its mitigation and detection.

 

Introducing the automated ATT&CK® Matrix

We are thrilled to introduce this new feature (included with Lumu Insights) that is sure to be a game-changer for your cybersecurity team. Lumu automates and operationalizes this framework by presenting the ATT&CK Matrix for each compromise found on the portal, helping organizations spot gaps in defenses, identifying priorities, and making more accurate decisions about approaching risks.

When a compromise is detected, we already show the threat details and Compromise Context for that incident. Now you can navigate to the ATT&CK Matrix tab to see all the relevant tactics and techniques associated with that compromise. Toggling the ‘All’ button expands the entire matrix, for easy visualization of where this incident falls within the chain of events of the attacker’s incursion.

Please note that the ATT&CK matrix is a reference guide for TTPs typically associated with specific compromises. Therefore, it does not necessarily mean that all the highlighted techniques are being carried out by the adversary.

The Lumu Portal integrates the MITRE ATT&CK Matrix by displaying the relevant adversarial techniques for every detected compromise

If you are a CISO / Cybersecurity Director / Manager, you can:

  • Strategically evaluate defenses and prioritize security investments.
  • Plan red team tests of your organization’s cyber preparedness against its most relevant adversarial TTPs.
  • Help blue teams tune cyberdefenses and response capabilities with factual data. 

If you are a cybersecurity operator, you can: 

  • Operationalize the MITRE ATT&CK framework into your incident response playbooks.
  • See where the incident fits into the attacker’s overall incursion.
  • Perform faster and more precise threat hunting operations.
  • Understand how each threat operates and what its end goal is.
  • Identify opportunities for expanding your knowledge, based on relevant threats

 

How do I gain access to the automated MITRE ATT&CK® Matrix?

If you are a Lumu Insights customer, you are in luck! This capability is included in your current subscription. You can start enjoying the benefits of this matrix, by clicking here

If you are a Lumu Free customer, we invite you to upgrade your account to access this feature, obtain additional correlation capability, and overall better compromise detection. You can request your upgrade here.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post

RELATED POSTS

lumu and fortinet
Technical

Lumu and Fortinet Simplify Incident Response Automation

Reading Time: 2 minsAs a partner in Fortinet’s Fabric-Ready Partner Program, Lumu delivers automated attack detection and response across the network. See how to integrate Lumu Defender with Fortinet’s FortiGate NGFW.

Join our pre-day 
workshop waitlist

  • By clicking “Submit Request” you agree to the Lumu Terms of Service and Privacy Policy.