MITRE ATT&CK
MITRE ATT&CK is a publicly available knowledge base that organizes and describes the tactics, techniques, and procedures (TTPs) used by cyber adversaries during attacks. It helps organizations understand and identify the methods attackers use to compromise systems and networks.
TECHNICAL DEFINITION
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive, globally accessible knowledge base curated by the MITRE Corporation, detailing cyber adversary tactics and techniques observed in real-world attacks. It serves as a foundational framework for threat intelligence, threat modeling, detection engineering, and improving an organization's defensive posture against sophisticated cyber threats.
BACKGROUND
The Mitre Corporation is an American not-for-profit organization with dual headquarters in Bedford, Massachusetts, and McLean, Virginia. It manages federally funded research and development centers (FFRDCs) supporting various U.S. government agencies in the aviation, defense, healthcare, homeland security, and cybersecurity fields, among others.
SYNONYMS & ALIASES
- ATT&CK framework
- MITRE ATTACK
- ATT&CK matrix
- Adversary tactics knowledge base
USAGE NOTE
Security operations centers and red/blue teams leverage MITRE ATT&CK to map observed adversary behaviors, assess defensive capabilities, and develop more effective cybersecurity strategies.
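As an added illustration of this usage note (not code from the page or from any vendor listed here), the Python below tags constructed detection rules with ATT&CK technique IDs, enriches a fired alert with its technique and tactics, and reports which tactics the rule set leaves without any detection. Technique and tactic IDs are real ATT&CK Enterprise identifiers; the mapping table is a hand-picked subset of the knowledge base and the rule names are assumptions.

```python
# Added example: ATT&CK IDs are real, but the table is a hand-picked subset of
# the Enterprise matrix and the detection rules are constructed for illustration.

# technique ID -> (name, tactic IDs). One technique can serve several tactics.
ATTACK_SUBSET = {
    "T1566": ("Phishing", ["TA0001"]),
    "T1078": ("Valid Accounts", ["TA0001", "TA0003", "TA0004", "TA0005"]),
    "T1059": ("Command and Scripting Interpreter", ["TA0002"]),
    "T1547": ("Boot or Logon Autostart Execution", ["TA0003", "TA0004"]),
    "T1003": ("OS Credential Dumping", ["TA0006"]),
    "T1082": ("System Information Discovery", ["TA0007"]),
    "T1021": ("Remote Services", ["TA0008"]),
    "T1071": ("Application Layer Protocol", ["TA0011"]),
    "T1041": ("Exfiltration Over C2 Channel", ["TA0010"]),
    "T1486": ("Data Encrypted for Impact", ["TA0040"]),
}
TACTICS = {  # Enterprise tactics in matrix (kill-chain) order
    "TA0001": "Initial Access", "TA0002": "Execution", "TA0003": "Persistence",
    "TA0004": "Privilege Escalation", "TA0005": "Defense Evasion",
    "TA0006": "Credential Access", "TA0007": "Discovery", "TA0008": "Lateral Movement",
    "TA0010": "Exfiltration", "TA0011": "Command and Control", "TA0040": "Impact",
}
# Constructed detection rules, tagged the way SIEM/EDR rule metadata carries ATT&CK IDs.
RULES = {
    "mail_attachment_macro": ["T1566"],
    "powershell_encoded_cmd": ["T1059"],
    "lsass_handle_open": ["T1003"],
    "new_run_key": ["T1547"],
    "ransom_note_written": ["T1486"],
}

def map_alert(rule_name, rules=RULES, knowledge=ATTACK_SUBSET):
    """Enrich one fired rule with its ATT&CK technique(s) and tactic names."""
    return [(tech, knowledge[tech][0], [TACTICS[t] for t in knowledge[tech][1]])
            for tech in rules.get(rule_name, [])]

def tactic_coverage(rules=RULES, knowledge=ATTACK_SUBSET):
    """tactic ID -> set of techniques some rule detects (every tactic listed)."""
    covered = {tac: set() for tac in TACTICS}
    for techniques in rules.values():
        for tech in techniques:
            for tac in knowledge[tech][1]:
                covered[tac].add(tech)
    return covered

def coverage_gaps(rules=RULES, knowledge=ATTACK_SUBSET):
    """Tactics in the matrix that no rule addresses, in matrix order."""
    cov = tactic_coverage(rules, knowledge)
    return [tac for tac in TACTICS if not cov[tac]]
```

Feeding the gap list into a heat map (for example ATT&CK Navigator) is the usual next step when assessing defensive capabilities.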
DEVELOPERS
Organizations developing technology related to MITRE ATT&CK.
The creator and steward of the MITRE ATT&CK framework, MITRE conducts extensive research and development in cybersecurity and directly contributes to the evolution and expansion of the ATT&CK knowledge base.
A leader in cloud-native endpoint protection, CrowdStrike integrates MITRE ATT&CK into its Falcon platform for threat detection, incident response, and adversary intelligence, mapping observed attacker techniques to the framework.
Mandiant offers incident response, threat intelligence, and security validation services that are deeply integrated with the MITRE ATT&CK framework to provide detailed adversary profiles and help organizations understand and defend against real-world threats.
Microsoft's security products, including Microsoft Defender for Endpoint and Azure Sentinel, extensively leverage and map security alerts, analytics, and threat intelligence to the MITRE ATT&CK framework to help customers understand and respond to threats.
AttackIQ provides a breach and attack simulation (BAS) platform that is purpose-built to validate security controls against real-world adversary behaviors described in the MITRE ATT&CK framework, helping organizations measure and improve their cyber defenses.
Splunk's SIEM and SOAR platforms enable organizations to collect, analyze, and visualize security data, often integrating dashboards and analytics that map detected activities and threats directly to MITRE ATT&CK tactics and techniques.
Through its Cortex XDR platform and Unit 42 threat intelligence team, Palo Alto Networks incorporates MITRE ATT&CK to enhance threat detection, investigation, and response capabilities, providing customers with context on adversary techniques.
Elastic Security offers SIEM and endpoint security solutions that deeply integrate MITRE ATT&CK mappings to improve threat detection, hunting, and investigation workflows, allowing users to understand adversary behavior within their environment.