MITRE is a US not-for-profit organization that operates federally funded research and development centers, with cybersecurity among its areas of focus. MITRE created the ATT&CK framework as a common vocabulary for classifying adversary behavior. ATT&CK is also a publicly available knowledge base, built from real-world observations, that organizations can use to reference and document threat behaviors across the entire attack lifecycle.
The ATT&CK model assigns a unique ID to each of its elements: tactics (for example TA0001, Initial Access), techniques (T1566, Phishing), sub-techniques (T1566.001, Spearphishing Attachment), and also groups, software and mitigations. A tactic describes what the adversary is trying to achieve at a given stage of an intrusion; the techniques under it describe how that goal is reached. Mapping observed activity onto tactics helps confirm that an intrusion is under way, characterize what kind of intrusion it is, and anticipate which stages are likely to follow. Security teams use this mapping when monitoring and responding to incidents.
Tactics are not concrete technologies or actions; they are the adversary's objectives, which is why new techniques can be classified under the existing tactics without changing the structure of ATT&CK. Security teams can use ATT&CK for threat intelligence and reporting, giving them a faster, more flexible and better-informed approach to cybersecurity.
All the security functionality in Logpoint SIEM and all alerts in UEBA are based on the MITRE ATT&CK framework. Logpoint has built its queries, and plans future enhancements, around the common ATT&CK taxonomy. Alerts in Logpoint are mapped to the stages of the ATT&CK model, which makes it easier to gain situational awareness of the whole environment. The advanced threat detection in Logpoint SIEM means that security teams can analyze and report on the trends and behaviors of entities and users within the organization.
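The following is an added illustration of the ID scheme and the alert-to-tactic mapping described above; it is not Logpoint code and not part of the MITRE ATT&CK project. The tactic and technique IDs and names are a small hand-picked subset of the published ATT&CK Enterprise matrix, the alerts are constructed sample data, and `next_expected` is a deliberately simple heuristic (first unobserved tactic after the furthest one seen), not a prediction method from either MITRE or Logpoint. It shows three things a practitioner cares about: sub-technique IDs roll up to their parent, one technique (T1053) can serve several tactics, and grouping alerts by tactic in lifecycle order exposes both the stages seen and the stages skipped.

```python
"""Roll ATT&CK-tagged alerts up to tactics in attack-lifecycle order.

Added example, not Logpoint or MITRE code. TACTICS and TECHNIQUES are a
hand-picked subset of the ATT&CK Enterprise matrix; SAMPLE_ALERTS is
constructed sample data.
"""
import re
from collections import defaultdict

# Enterprise tactics in the left-to-right order MITRE presents the matrix.
TACTICS = [
    ("TA0043", "Reconnaissance"),
    ("TA0042", "Resource Development"),
    ("TA0001", "Initial Access"),
    ("TA0002", "Execution"),
    ("TA0003", "Persistence"),
    ("TA0004", "Privilege Escalation"),
    ("TA0005", "Defense Evasion"),
    ("TA0006", "Credential Access"),
    ("TA0007", "Discovery"),
    ("TA0008", "Lateral Movement"),
    ("TA0009", "Collection"),
    ("TA0011", "Command and Control"),
    ("TA0010", "Exfiltration"),
    ("TA0040", "Impact"),
]
TACTIC_ORDER = {tid: i for i, (tid, _) in enumerate(TACTICS)}
TACTIC_NAME = dict(TACTICS)

# Subset of techniques: ID -> (name, tactics the technique can serve).
# Note T1053 is listed under three tactics, exactly as in the real matrix.
TECHNIQUES = {
    "T1566": ("Phishing", ["TA0001"]),
    "T1566.001": ("Spearphishing Attachment", ["TA0001"]),
    "T1059": ("Command and Scripting Interpreter", ["TA0002"]),
    "T1059.001": ("PowerShell", ["TA0002"]),
    "T1053": ("Scheduled Task/Job", ["TA0002", "TA0003", "TA0004"]),
    "T1003": ("OS Credential Dumping", ["TA0006"]),
    "T1003.001": ("LSASS Memory", ["TA0006"]),
    "T1021": ("Remote Services", ["TA0008"]),
    "T1021.001": ("Remote Desktop Protocol", ["TA0008"]),
    "T1041": ("Exfiltration Over C2 Channel", ["TA0010"]),
    "T1486": ("Data Encrypted for Impact", ["TA0040"]),
}

# Technique IDs are T + 4 digits, sub-techniques add .NNN (tactics use TA).
ID_RE = re.compile(r"^(T\d{4})(?:\.(\d{3}))?$")


def resolve(technique_id):
    """Return (id, name, tactic_ids) for a technique or sub-technique.

    A sub-technique missing from the local table falls back to its parent's
    tactics (a sub-technique's tactics are always a subset of its parent's).
    """
    m = ID_RE.match(technique_id)
    if not m:
        raise ValueError(f"not an ATT&CK technique ID: {technique_id!r}")
    parent = m.group(1)
    if technique_id in TECHNIQUES:
        name, tactics = TECHNIQUES[technique_id]
    elif parent in TECHNIQUES:
        name, tactics = TECHNIQUES[parent]
        name = f"{name} (sub-technique {technique_id})"
    else:
        raise KeyError(f"{technique_id} is not in the local knowledge base")
    return technique_id, name, list(tactics)


def summarize(alerts):
    """Group alert hosts by tactic, returned in lifecycle order.

    Each alert is a dict with 'technique' and 'host'; a multi-tactic technique
    is counted under every tactic it can serve.
    """
    by_tactic = defaultdict(set)
    for alert in alerts:
        _, _, tactics = resolve(alert["technique"])
        for tid in tactics:
            by_tactic[tid].add(alert["host"])
    return [(tid, TACTIC_NAME[tid], sorted(by_tactic[tid]))
            for tid, _ in TACTICS if tid in by_tactic]


def stages_covered(alerts):
    """Tactic IDs with at least one alert, in lifecycle order."""
    return [tid for tid, _, _ in summarize(alerts)]


def gaps(alerts):
    """Tactics between the first and furthest observed stage with no alert:
    either the adversary skipped them or detection coverage is missing."""
    seen = stages_covered(alerts)
    if not seen:
        return []
    lo, hi = TACTIC_ORDER[seen[0]], TACTIC_ORDER[seen[-1]]
    return [tid for tid, _ in TACTICS[lo:hi + 1] if tid not in seen]


def next_expected(alerts):
    """Heuristic prompt for the analyst: the tactic after the furthest observed
    one. Adversaries do not move strictly left to right, so treat as a hint."""
    seen = stages_covered(alerts)
    if not seen:
        return None
    furthest = TACTIC_ORDER[seen[-1]]
    return TACTICS[furthest + 1][0] if furthest + 1 < len(TACTICS) else None


# Constructed sample alerts, as a SIEM might tag them with technique IDs.
SAMPLE_ALERTS = [
    {"technique": "T1566.001", "host": "ws-12"},   # phishing attachment
    {"technique": "T1059.001", "host": "ws-12"},   # PowerShell launched
    {"technique": "T1053", "host": "ws-12"},       # scheduled task created
    {"technique": "T1003.001", "host": "ws-12"},   # LSASS access
    {"technique": "T1059.003", "host": "srv-db"},  # cmd.exe; falls back to T1059
    {"technique": "T1021.001", "host": "srv-db"},  # inbound RDP
]

if __name__ == "__main__":
    for tid, name, hosts in summarize(SAMPLE_ALERTS):
        print(f"{tid} {name:<22} {', '.join(hosts)}")
    print("unobserved stages:", gaps(SAMPLE_ALERTS))
    print("next expected stage:", next_expected(SAMPLE_ALERTS))
```

Run against the sample alerts, the report lists Initial Access, Execution (on both hosts), Persistence and Privilege Escalation (both via the single T1053 alert), Credential Access and Lateral Movement, flags Defense Evasion and Discovery as unobserved in between, and suggests Collection as the next stage to watch. The unobserved stages are the interesting output: they are where an analyst should ask whether the adversary really skipped the stage or whether the SIEM has no alert mapped to it.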