LogPoint and MITRE ATT&CK framework
What is the MITRE ATT&CK framework?
MITRE is a non-profit organization focused on cybersecurity and solving security challenges to create a safer IT environment for organizations. MITRE developed the ATT&CK framework to classify adversarial tactics universally. ATT&CK is also a database that organizations can use to reference and document threat behaviors across the entire attack lifecycle.
MITRE ATT&CK tactics and techniques
The ATT&CK model assigns a unique ID to every adversarial tactic used within the typical process of an intrusion. The tactics help verify the existence of an intrusion, the type of intrusion and a prediction of what will happen next. Security teams can use the tactics when monitoring and responding to incidents.
The tactics are not concrete technologies or actions, but instead, they are conceptual, which means ATT&CK can be used to classify new techniques. Security teams can use ATT&CK for threat intelligence and reporting for a faster, more flexible and more informed approach to cybersecurity.
Situational awareness of your entire infrastructure
All the security functionality in LogPoint SIEM and all alerts in UEBA are based on the MITRE ATT&CK framework. LogPoint has developed all queries, as well as future technological enhancements, around the common ATT&CK taxonomy. Alerts in LogPoint are configured to the different stages of the ATT&CK model, making it easier to get situational awareness of the entire system. The advanced threat detection in LogPoint SIEM means that security teams can analyze and report trends and behaviors of entities and users within the organization.
LogPoint MITRE ATT&CK navigator
Learn more about ATT&CK tactics and techniques and how they trigger inside LogPoint.
Alerts are based on a standard framework, making it easier for analysts to detect malicious activity
The ATT&CK steps are sequential, so analysts can predict an adversary’s actions and be one step ahead in the investigation
Comprehensive risk assessment
It’s much easier to map security coverage and risks when your defenses are all based on the same taxonomy
Understand the adversary
Security teams can create a more effective defense to protect their system. ATT&CK helps teams understand the adversary and how they operate
Minimize skills gap
The ATT&CK framework gives junior security analysts without much experience a knowledge base to figure out how to investigate and respond to incidents
Cohesive defense strategy
You can integrate ATT&CK with other security tools and services to standardize your entire infrastructure for a more effective cybersecurity defense
A blueprint for attack techniques
The LogPoint ATT&CK navigator has more information about the tactics and techniques and indicates which are covered by LogPoint SIEM and LogPoint UEBA. Techniques represent how an adversary achieves an objective. Security analysts can use the navigator to match LogPoint alerts with their relevance to ATT&CK, from initial access to privilege escalation to lateral movements to data exfiltration.
What are the MITRE ATT&CK tactics?
The MITRE ATT&CK framework represents the very lifecycle of a threat. If the threat is an advanced persistent threat (APT), a criminal effort or anything else, it fits on the framework, helping analysts understand the attack. MITRE has identified the following tactics, which are threat actors’ high-level objectives or goals:
- Initial access
- Privilege Escalation
- Defense Evasion
- Credential Access
- Lateral Movement
- Command and Control