MITRE ATT&CK® Matrix is Now Included in Lumu

Attacks evolve constantly and cybercriminals are getting more creative every day. As cybersecurity professionals, we need to be experts on the tactics, techniques, and procedures used by attackers. Fortunately, we don’t need to reinvent the wheel: we can use frameworks that help us with this important task.

What is MITRE ATT&CK®?

MITRE, a non-profit organization that manages U.S. federal research centers, started ATT&CK® in 2013 to document the methods used by attackers to perpetrate advanced persistent threats. It is a globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. One of the reasons for the popularity of MITRE ATT&CK is its shared language, which enables clear communication among the cyber defense community about the precise characteristics of a threat.

What are tactics, techniques, and procedures?

Tactics: These are the “why” of an attack, that is, the attacker’s goal. For example, achieving credential access.

Techniques: These are the “how” of an attack. For example, an adversary may dump credentials to achieve credential access.

Procedures: These are the specific implementations used by the adversary. For example, using PowerShell to inject malicious code into an executable.

How to Interpret the ATT&CK® Matrix

The Matrix categorizes over 200 techniques spread across 12 columns or tactics. The columns are arranged from left to right according to the order in which an attack will generally be carried out. At each stage of the attack, the adversary may use one or more of the listed techniques to carry out that tactic.

Each technique can be expanded to show its description, as well as links to additional research. Following those links will direct you to the MITRE website, where you can dive deeper into the procedures that adversaries have been observed to use in carrying out that technique, as well as notes on its mitigation and detection.
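To make the layout described above concrete, here is an added example (not Lumu’s code) that builds the same column-per-tactic view from the STIX 2.x format in which ATT&CK is distributed, then marks the techniques associated with one compromise. The bundle is a constructed subset containing a few real tactic and technique IDs; the full knowledge base has many more objects but the same fields.

```python
"""Build the ATT&CK matrix view (tactic columns in attack order, techniques
under each) from ATT&CK's STIX 2.x layout, then mark the techniques tied to
one compromise. The bundle below is a constructed subset, not the full data."""
from collections import OrderedDict

def tactic(n, name, short):
    return {"type": "x-mitre-tactic", "id": f"x-mitre-tactic--{n}",
            "name": name, "x_mitre_shortname": short}

def technique(tid, name, phase):
    return {"type": "attack-pattern", "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": phase}]}

# Constructed subset of an ATT&CK STIX bundle.
BUNDLE = {"objects": [
    tactic(1, "Initial Access", "initial-access"),
    tactic(2, "Execution", "execution"),
    tactic(3, "Credential Access", "credential-access"),
    {"type": "x-mitre-matrix", "name": "Enterprise ATT&CK",   # fixes column order
     "tactic_refs": ["x-mitre-tactic--1", "x-mitre-tactic--2", "x-mitre-tactic--3"]},
    technique("T1566", "Phishing", "initial-access"),
    technique("T1204", "User Execution", "execution"),
    technique("T1059", "Command and Scripting Interpreter", "execution"),
    technique("T1003", "OS Credential Dumping", "credential-access"),
]}

def attack_id(obj):
    """ATT&CK external ID (e.g. T1003) of a STIX object."""
    return next(r["external_id"] for r in obj["external_references"]
                if r["source_name"] == "mitre-attack")

def build_matrix(bundle):
    """{tactic name: [technique IDs]}, columns in the matrix object's order."""
    objs = bundle["objects"]
    tactics = {o["id"]: o for o in objs if o["type"] == "x-mitre-tactic"}
    by_short = {t["x_mitre_shortname"]: t["name"] for t in tactics.values()}
    order = next(o for o in objs if o["type"] == "x-mitre-matrix")["tactic_refs"]
    matrix = OrderedDict((tactics[ref]["name"], []) for ref in order)
    for o in objs:
        if o["type"] != "attack-pattern":
            continue
        # A technique may sit under several tactics; one column entry per phase.
        for phase in o.get("kill_chain_phases", []):
            if phase["kill_chain_name"] == "mitre-attack":
                matrix[by_short[phase["phase_name"]]].append(attack_id(o))
    return matrix

def highlight(matrix, observed):
    """Per column, the techniques associated with one compromise (may be empty)."""
    wanted = set(observed)
    return OrderedDict((t, [x for x in techs if x in wanted]) for t, techs in matrix.items())
```

Columns that come back empty from `highlight` still matter when reading the view: they show which stages of the incursion the compromise’s known TTPs do not cover.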

Introducing the automated ATT&CK® Matrix

We are thrilled to introduce this new feature (included with Lumu Insights) that is sure to be a game-changer for your cybersecurity team. Lumu automates and operationalizes this framework by presenting the ATT&CK Matrix for each compromise found on the portal, helping organizations spot gaps in defenses, identifying priorities, and making more accurate decisions about approaching risks.

When a compromise is detected, we already show the threat details and Compromise Context for that incident. Now you can navigate to the ATT&CK Matrix tab to see all the relevant tactics and techniques associated with that compromise. Toggling the ‘All’ button expands the entire matrix, for easy visualization of where this incident falls within the chain of events of the attacker’s incursion.

Please note that the ATT&CK matrix is a reference guide to the TTPs typically associated with a given compromise. It does not necessarily follow that all the highlighted techniques are being carried out by the adversary.

If you are a CISO / Cybersecurity Director / Manager, you can:

  • Strategically evaluate defenses and prioritize security investments.
  • Plan red team tests of your organization’s cyber preparedness against its most relevant adversarial TTPs.
  • Help blue teams tune cyberdefenses and response capabilities with factual data.

If you are a cybersecurity operator, you can: 

  • Operationalize the MITRE ATT&CK framework into your incident response playbooks.
  • See where the incident fits into the attacker’s overall incursion.
  • Perform faster and more precise threat hunting operations.
  • Understand how each threat operates and what its end goal is.
  • Identify opportunities for expanding your knowledge, based on relevant threats.

How do I gain access to the automated MITRE ATT&CK® Matrix?

If you are a Lumu Insights customer, you are in luck! This capability is included in your current subscription. You can start enjoying the benefits of this matrix by clicking here.

If you are a Lumu Free customer, we invite you to upgrade your account to access this feature, obtain additional correlation capability, and overall better compromise detection. You can request your upgrade here.
