//MITRE ATT&CK framework

LogPoint and MITRE ATT&CK framework

What is the MITRE ATT&CK framework?

MITRE is a non-profit organization focused on cybersecurity and solving security challenges to create a safer IT environment for organizations. MITRE developed the ATT&CK framework to classify adversarial tactics universally. ATT&CK is also a database that organizations can use to reference and document threat behaviors across the entire attack lifecycle.

MITRE ATT&CK tactics and techniques

The ATT&CK model assigns a unique ID to every adversarial tactic used within the typical process of an intrusion. The tactics help verify the existence of an intrusion, the type of intrusion and a prediction of what will happen next. Security teams can use the tactics when monitoring and responding to incidents.

The tactics are not concrete technologies or actions, but instead, they are conceptual, which means ATT&CK can be used to classify new techniques. Security teams can use ATT&CK for threat intelligence and reporting for a faster, more flexible and more informed approach to cybersecurity.

Situational awareness of your entire infrastructure

All the security functionality in LogPoint SIEM and all alerts in UEBA are based on the MITRE ATT&CK framework. LogPoint has developed all queries, as well as future technological enhancements, around the common ATT&CK taxonomy. Alerts in LogPoint are configured to the different stages of the ATT&CK model, making it easier to get situational awareness of the entire system. The advanced threat detection in LogPoint SIEM means that security teams can analyze and report trends and behaviors of entities and users within the organization.

LogPoint MITRE ATT&CK navigator

Learn more about ATT&CK tactics and techniques and how they trigger inside LogPoint.

LogPoint SIEM Threat Detection

Faster detection

Alerts are based on a standard framework, making it easier for analysts to detect malicious activity

LogPoint Event Time Icon

Faster response

The ATT&CK steps are sequential, so analysts can predict an adversary’s actions and be one step ahead in the investigation

LogPoint Risk Icon

Comprehensive risk assessment

It’s much easier to map security coverage and risks when your defenses are all based on the same taxonomy

LogPoint Threat Icon

Understand the adversary

Security teams can create a more effective defense to protect their system. ATT&CK helps teams understand the adversary and how they operate

LogPoint SIEM Security Analyst Resource

Minimize skills gap

The ATT&CK framework gives junior security analysts without much experience a knowledge base to figure out how to investigate and respond to incidents

Cyber Security Icon

Cohesive defense strategy

You can integrate ATT&CK with other security tools and services to standardize your entire infrastructure for a more effective cybersecurity defense

A blueprint for attack techniques

The LogPoint ATT&CK navigator has more information about the tactics and techniques and indicates which are covered by LogPoint SIEM and LogPoint UEBA. Techniques represent how an adversary achieves an objective. Security analysts can use the navigator to match LogPoint alerts with their relevance to ATT&CK, from initial access to privilege escalation to lateral movements to data exfiltration.

LogPoint SIEM MITRE ATTACK Framework Navigator

What are the MITRE ATT&CK tactics?

The MITRE ATT&CK framework represents the very lifecycle of a threat. If the threat is an advanced persistent threat (APT), a criminal effort or anything else, it fits on the framework, helping analysts understand the attack. MITRE has identified the following tactics, which are threat actors’ high-level objectives or goals:

  • Initial access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Command and Control
  • Exfiltration
  • Impact