The ATT&CK model assigns a unique ID to every adversarial tactic used within the typical process of an intrusion. The tactics help verify the existence of an intrusion, the type of intrusion and a prediction of what will happen next. Security teams can use the tactics when monitoring and responding to incidents.
The tactics are not concrete technologies or actions, but instead, they are conceptual, which means ATT&CK can be used to classify new techniques. Security teams can use ATT&CK for threat intelligence and reporting for a faster, more flexible and more informed approach to cybersecurity.