Security Magazine
Best practices in applying MITRE ATT&CK to your organizational security

By Ganesh Pai
January 29, 2021

The cybersecurity industry has embraced MITRE ATT&CK for good reason: it provides security leaders and practitioners an objective, third-party standard with which to evaluate their own detection coverage and EDR solutions. But even while they recognize the value, many organizations are unsure about what specific steps they should take to fully benefit from MITRE ATT&CK.

First, we should cover a few basics about the MITRE ATT&CK framework. Introduced in 2015, MITRE ATT&CK provides a structure for understanding attacker behavior. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge—it standardizes descriptions of attacker behavior. MITRE maintains separate ATT&CK matrices for enterprise, cloud, and industrial control system (ICS) environments. According to a September 2020 study by UC Berkeley, 81% of surveyed organizations use at least one of the ATT&CK matrices.

ATT&CK went beyond the Cyber Kill Chain trademarked by Lockheed Martin in 2011. The key advantage of ATT&CK is that it describes the techniques used by attackers as they progress through an attack, enabling red teams to reproduce attack behavior seen by various threat groups and enabling blue teams to test their detection coverage for these behaviors.

Another key difference between ATT&CK and the Cyber Kill Chain is that ATT&CK focuses more on the post-compromise behavior, such as lateral movement, of an attacker who has already penetrated perimeter defenses. This makes ATT&CK more suitable for designing defenses against both outside attackers who have succeeded in stealing legitimate credentials and insider threats.

Here are the best practices in applying ATT&CK to your organizational security.

1. Use ATT&CK to better understand your threat model, in particular how specific threat groups are likely to go about penetrating your organization. ATT&CK documents how various threat groups conduct their operations, cataloging the specific techniques they have been observed using in the field. This information is driven by community contributions and allows users to understand how these techniques are executed by various malware and exploits.

Based on your unique organizational profile, you can prioritize your detection efforts. Prioritization is important because organizations have limited resources and need to know where to focus. Each organization’s risk profile will be different based on their environment, the data they must protect, the industry regulations they are subject to, and the threat groups that are targeting them. For example, a financial services group would be able to see which threat groups target businesses like them, and then understand the techniques they need to prioritize for detection.
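One way to turn this prioritization into something repeatable, as an added example that is not from the article or from any MITRE tooling: rank techniques by how many groups targeting your sector use them, discounted by how well you already detect each one, and emit the ranking as a minimal Navigator-style layer. The group names, sector mappings, technique lists and coverage scores below are constructed sample data, not MITRE's datasets.

```python
import json
from collections import Counter

# Constructed sample data (not from the article or MITRE's datasets):
# which hypothetical groups target which sector, and which ATT&CK
# technique IDs each group has been observed using.
GROUP_SECTORS = {
    "GROUP-A": {"financial", "retail"},
    "GROUP-B": {"financial"},
    "GROUP-C": {"healthcare"},
}
GROUP_TECHNIQUES = {
    "GROUP-A": {"T1566", "T1059", "T1078", "T1021", "T1003"},
    "GROUP-B": {"T1566", "T1059", "T1003", "T1486"},
    "GROUP-C": {"T1566", "T1190", "T1486"},
}
# Blue-team assessed detection coverage per technique, 0.0 (none) .. 1.0
# (full); techniques not listed count as 0.0.
COVERAGE = {"T1566": 0.9, "T1059": 0.5, "T1003": 0.2}


def groups_for_sector(sector):
    """Groups documented as targeting the given sector (best practice 1)."""
    return {g for g, sectors in GROUP_SECTORS.items() if sector in sectors}


def prioritize(sector, coverage=COVERAGE):
    """Rank techniques by (number of relevant groups using them) x (1 - coverage).

    A technique used by many groups that target you and that you barely
    detect scores highest; a fully covered technique drops to zero.
    Ties are broken by technique ID so the output is deterministic.
    """
    relevant = groups_for_sector(sector)
    usage = Counter(t for g in relevant for t in GROUP_TECHNIQUES[g])
    scored = {t: n * (1.0 - coverage.get(t, 0.0)) for t, n in usage.items()}
    return sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))


def navigator_layer(sector, coverage=COVERAGE):
    """Emit a minimal ATT&CK Navigator-style layer (only a subset of the
    layer format's fields) so the ranking can be colored onto the matrix."""
    techniques = [{"techniqueID": t, "score": round(s, 2)}
                  for t, s in prioritize(sector, coverage)]
    return json.dumps({"name": f"gaps-{sector}", "domain": "enterprise-attack",
                       "techniques": techniques}, indent=2)


if __name__ == "__main__":
    for tech, score in prioritize("financial"):
        print(f"{tech}: {score:.2f}")
    print(navigator_layer("financial"))
```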

2. Use ATT&CK to evaluate vendor capabilities. After you’ve built your threat model, you can then use the ATT&CK framework to compare your organization’s detection requirements against the capabilities of various vendors. MITRE facilitates this comparison with its ATT&CK evaluations.

For each of the past three years, MITRE has invited security vendors to participate in an evaluation to see what attack behaviors they can detect, and at what level of detail. Each year, MITRE uses the techniques favored by different attack groups. For the 2020 evaluations, MITRE is comparing vendor detection capabilities for the FIN7 and Carbanak threat groups, which primarily target retail and financial services providers.

You can measure the efficacy of any EDR solution you’re considering with these evaluations. They put vendors on an even playing field, and give decision makers a quantitative alternative to complement the more qualitative analyst reports.

One vendor’s capabilities may not provide sufficient detection coverage for your organization’s risk profile. In that case, you will need to decide whether to purchase complementary solutions or develop other compensating controls.

3. Use ATT&CK to make your security analysts’ jobs easier. By incorporating ATT&CK into your detection workflow, you can give your security analysts more context around detections. If your detection product maps alerts to the ATT&CK framework, analysts can easily understand the progression and potential severity of an attack. This is incredibly important because time is an analyst’s most valuable commodity. More context saves them time in deciding whether an alert is legitimate, and if deemed legitimate, context also helps the analyst understand the severity and scope of the attack.

MITRE ATT&CK represents an important step forward in transparency for the cybersecurity industry. Security leaders and practitioners should take advantage of this trusted standard to understand their threat profile, evaluate EDR solutions, and equip analysts with the context needed to make faster, more accurate decisions.

Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue. Prior to Verivue, he was Principal Architect for NetDevices. Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.
