Biology, zoology, and related sciences have a tool to help scientists around the world communicate with one another: scientific names. These scientific names, generally rooted in Latin, provide a common set of terms for animals, plants, virii, and other living things. When it comes to cybersecurity, though, things are a bit less rigorous, and creativity can be the enemy of precision. That's where the MITRE ATT&CK framework comes in.
At its heart, ATT&CK is a database of the tools and techniques hackers use to attack, damage, and disrupt computer operations. Displayed as a grid, ATT&CK shows the various stages of an attack and the tools that can be used for each one. It does so in a language that can be understood among researchers in different departments, on different continents, and who speak different languages.
Ryan Kovar, principal security strategist at Splunk, says he has seen companies around the world use ATT&CK in their security work. "The people who are using it now are taking the taxonomy from ATT&CK, changing it to meet their needs, and then using it to describe, across multiple teams, what's going on," he says.
The common language is critical, says Katie Nickels, MITRE threat intelligence lead. "The common framework can provide a way to talk about the threats among different groups and defenders," she says. "With the common language, it can be used for red teams to decide what they're going to be doing. They all kind of work together."
One of the points both Nickels and Kovar stress i ..
Support the originator by clicking the read the rest link below.
