I want to congratulate my friends at MITRE who were recently recognized as a finalist for the GCN DIG IT Award in the category of CyberSecurity. The GCN Dig IT Awards celebrate discovery and innovation in government IT. MITRE was recognized won for their Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) behavioral model, the first detailed framework to describe the actions a malicious cyber actor takes once inside a network.
ATT&CK grew out of MITRE’s previous cybersecurity research and is an excellent example of learning to understand post-exploitation tactics and techniques and provides important info about how hackers breached your organization as well as subsequent movement internally.
ATT&CK is a great example of an offensive strategy that can provide valuable info that dictates defensive moves needed to protect an organization going forward. In many cases, this defensive strategy involves architecting security into your operations, such as a Software Defined Perimeter (SDP), to stop attacks.
For more information, check out this white paper on Software Defined Perimeters