MITRE ATT&CK

Globally accessible knowledge base of adversary tactics and techniques.

About

MITRE ATT&CK serves as the industry's most comprehensive framework for understanding adversary behavior in cybersecurity. This globally accessible knowledge base catalogs real-world tactics, techniques, and procedures (TTPs) used by threat actors across various attack scenarios. The framework draws from extensive observations of actual cyber attacks to provide security professionals with actionable intelligence.

The knowledge base organizes adversary behavior into distinct matrices covering enterprise environments, mobile platforms, and industrial control systems. Each matrix is organized by tactics, which represent the adversary's goals during an attack (the "why" of an action). Under each tactic, the framework documents hundreds of techniques that describe how adversaries achieve those goals.

Core components of the framework include:

  • Enterprise Matrix covering Windows, macOS, Linux, and cloud environments
  • Mobile Matrix addressing iOS and Android threat landscapes
  • ICS Matrix focusing on industrial control system attacks
  • Detailed technique descriptions with real-world examples
  • Mitigation strategies and detection recommendations
  • Data sources for identifying malicious activity

Security teams leverage ATT&CK for threat modeling, gap analysis, and adversary emulation exercises. The framework enables organizations to map their current security controls against known adversary techniques. This mapping process reveals coverage gaps and helps prioritize security investments based on actual threat actor capabilities.

Threat intelligence analysts use the framework to structure and communicate threat information consistently. Security vendors integrate ATT&CK mappings into their products to provide context around detected activities. Red teams and penetration testers reference the framework to design realistic attack scenarios that mirror actual adversary behavior.

The framework's collaborative development model ensures continuous updates as new threats emerge. MITRE works with the global cybersecurity community to validate techniques and incorporate new observations. This collaborative approach maintains the framework's relevance as the threat landscape evolves.

ATT&CK has become the de facto standard for describing adversary behavior across the cybersecurity industry. Its structured approach to documenting threats enables better communication between security teams, vendors, and researchers. The framework's widespread adoption facilitates information sharing and collective defense efforts against sophisticated threat actors.