Aligning cyber skills to the MITRE ATT&CK framework: An excerpt

Immersive Labs recently published an eBook on how to use MITRE ATT&CK as part of your cyber skills strategy, to improve your organization’s security posture by identifying weaknesses.

Bill Brenner

MITRE ATT&CK has become the go-to framework to understand and visualize cyber threats and risk. It is particularly valuable for measuring the effectiveness of security technologies and processes, but there are also potential advantages in mapping the skills of security teams with threat actor tactics and techniques in MITRE ATT&CK.

Immersive Labs recently published an eBook on how to seize upon that potential, including tips on how to use MITRE ATT&CK as part of your cyber skills strategy, and how to use it to improve your organization’s security posture by identifying weaknesses.

What follows are some excerpts from the eBook: Aligning cyber skills to the MITRE ATT&CK framework:

What is MITRE ATT&CK?

ATT&CK stands for adversarial tactics techniques & common knowledge The MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teams and defenders to help identify attack types and define risk. It began life as an internal project within the organization but has since developed into a comprehensive public knowledge base adopted by numerous security vendors and consultants.

As a knowledge base of cyber-attack tactics, techniques and procedures, MITRE ATT&CK brings structure to the understanding of adversarial behavior. Its organized approach means you can select the attack required to validate your security strategy, and then analyze your defenses in order to expand your security controls rationally. It also helps security management to identify critical problems for remediation quickly. This objective assessment is a data-driven approach to prioritizing and scaling your cybersecurity program and budget.

Making upskilling relevant and rapid

One potential pitfall of implementing ATT&CK as a framework for cybersecurity is its sheer size. To get the most from it, you should focus on relevant tactics and ensure effective security to counter the techniques most applicable to the risks your business faces. For each tactic and technique, ensure you’ve considered the impact of human capabilities in your organization; and where you see gaps, deploy techniques that allow for rapid upskilling.

On-demand and gamified skills development

Practical and on-demand exercises such as simulations and capture the flags (CTFs) can get security professionals hands on with specific techniques, helping to build a culture of continuous skills development. Going beyond static, classroom training is essential. Ensuring security teams develop skills that make them more effective is just one aspect of efficient exercising. It’s just as important to measure and visualize.

Here's a look at how the Immersive Labs platform incorporates MITRE ATT&CK: