According Cybersecurity and Infrastructure Security Agency (CISA)
understanding opponent’s behavior is often the first step in protecting networks and data. The success of network defenders in detecting and mitigating cyberattacks depends on this understanding. The MITRE ATT&CK® framework is a globally accessible knowledge base of opponent’s tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, cybersecurity product and service community. ATT&CK is free and accessible to any individual or organization in the hope of bringing communities together to develop more effective cybersecurity.
CISA uses ATT&CK as a lens through which to identify and analyze attacker behavior. ATT&CK provides details on over 100 threat actor groups, including the techniques and software they are known to use. (Note: Not all adversary behavior is documented in ATT&CK). ATT&CK can be used to identify defensive gaps, assess security tool capabilities, organize detections, research threats, participate in red team activities, or validate mitigation controls.
The Best Practices for MITRE ATT&CK Mapping guide provides network defenders with clear guidance, examples, and step-by-step instructions to better use MITRE ATT&CK when analyzing and reporting cybersecurity threats. This will improve defenders’ ability to proactively detect adversary behavior and supports robust, contextual, two-way information sharing to help strengthen the security of our systems, networks and data. CISA developed this guide in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), which worked with the MITRE ATT&CK team. Source: CISA