Get a demo
PlatformPartnersCompanyBlog
Frameworks

MITRE ATT&CK

MITRE ATT&CK

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive knowledge base and framework that catalogues cyber adversary behavior across the entire attack lifecycle, from initial access to impact.

Overview

Developed by MITRE Corporation, ATT&CK provides a common language for describing adversary actions. It is widely used by security teams to understand threats, map defenses, and improve detection capabilities.

Structure

The framework is organized into several matrices:

  • Enterprise: Covers Windows, macOS, Linux, Cloud, and Network platforms
  • Mobile: Covers Android and iOS platforms
  • ICS: Covers Industrial Control Systems

Tactics (The "Why")

Tactics represent the adversary's tactical objectives — the reason for performing an action. Examples include Initial Access, Persistence, Lateral Movement, and Exfiltration.

Techniques (The "How")

Techniques describe how adversaries achieve their tactical objectives. Each tactic contains multiple techniques, and some techniques have sub-techniques providing additional granularity.

Why It Matters

ATT&CK enables organizations to:

  1. Map their detection coverage against known adversary behaviors
  2. Identify gaps in visibility and detection
  3. Communicate threats using a standardized vocabulary
  4. Benchmark security capabilities against real-world threats

Related Terms

Related Reading

Blog

Honey, I shrunk the SOC: Measuring Threat Visibility with MITRE ATT&CK(R)

We are excited to partner with Tidal Cyber and release our repository of attack simulations on the Tidal platform to help pave the way forward for operationalizing threat-informed defense.

Comparison

MITRE ATT&CK vs NIST Cybersecurity Framework: Comparing Security Frameworks

Understand the differences between MITRE ATT&CK and NIST Cybersecurity Framework, their complementary roles, and how to leverage both for comprehensive security.

Blog

Rhysida Ransomware: History, TTPs and Adversary Emulation Plans

Rhysida is a new player in the Ransomware space, first appearing in May 2023, and has been targeting industries all across the globe. In recent months, Rhysida has run campaigns compromising and extorting organizations from the government, education, healthcare, IT, and manufacturing sectors. Rhysida emerged in the Ransomware Space with a high-profile attack on the Chilean army. The group currently has more than 50 victims listed on its leak site.

Glossary

Attack Surface Management (ASM)

Attack Surface Management is the continuous, automated process of discovering, inventorying, classifying, assessing, and monitoring all external-facing assets and exposure points across an organization's digital footprint.

← Back to Glossary