Intro to Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™ Series)
Optiv's Attack and Penetration consultants strive to stay current on the latest trends, both from an offensive security perspective and from a defensive mitigation and remediation perspective. You may have missed our previous blog series, Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker, in which we reviewed the updated Center for Internet Security (CIS) Critical Security Controls from the perspective of offensive security professionals, with the intention of educating organizations about the controls that exist. This new series likewise focuses on the risk associated with attacks that leverage weaknesses which could have been mitigated by implementing a control.
What is ATT&CK
In this new series we will be reviewing the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) knowledge base maintained by MITRE's National Cybersecurity Federally Funded Research and Development Center (FFRDC). ATT&CK ties together multiple offensive security data points, including tactics, techniques, the tools and software used to carry them out, and the Advanced Persistent Threat (APT) groups that have been observed using them. Much of the framework grew out of a MITRE project led by Blake Strom called FMX (the Fort Meade eXperiment). In FMX, a production network was attacked by Blake and other security professionals emulating the tactics and techniques of real adversary groups. Using the telemetry collected from that network, Blake was able to construct a large part of the ATT&CK framework, which both offensive and defensive security professionals can use to map potential attacker tactics and techniques.
The ATT&CK Navigator
By far the best way to explore the ATT&CK knowledge base as a whole is the ATT&CK Navigator. The Navigator lets users filter the matrix, drill down into individual techniques, build potential attack chains, and view techniques that appear under more than one tactic. This is particularly helpful for defensive teams building incident response scenarios: a team can play through how an attack might unfold by chaining several techniques together into an attack chain, and then ask which of those steps it could actually detect or block. From an offensive security perspective, it lets teams "look ahead" or brainstorm ways to demonstrate impact and risk during a penetration test.
Purpose of the Series
The purpose of this series is to draw on Optiv Attack and Pen's experience performing adversarial threat assessments and analyze the techniques under each tactic, in an attempt to bring attention to the methods we most commonly employ as offensive security professionals. At the time of writing there are 219 techniques across ATT&CK's 11 tactics; that is an enormous amount of information to consume, and even more so to implement mitigations around. We hope security teams will benefit from the information in this series on common attack techniques, but we encourage them not to stop there: teams should continue to enhance their security by drilling into the ATT&CK matrix and developing mitigations and detections for as many techniques as possible.
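As an added example (not code from the original post, nor from Optiv or MITRE), the following Python script does in plain code what the Navigator does interactively for the two passages above: filter techniques by tactic, list cross-tactic techniques, validate an ordered attack chain, and export it as a Navigator layer file. The technique table is a hand-constructed subset of the Enterprise matrix; its IDs, names and tactic assignments are assumed from the current matrix (which has been renumbered and split into sub-techniques since this post was written) and must be checked against the live ATT&CK site. The layer keys (techniqueID, tactic, score, comment, versions.layer) are assumed from the Navigator layer file format and should be checked against the Navigator version you run.

```python
"""Attack-chain builder and ATT&CK Navigator layer exporter.

Added example; not Optiv's or MITRE's code. SAMPLE_TECHNIQUES is a
hand-constructed subset of the Enterprise matrix: IDs, names and tactic
assignments are assumed from the current matrix and must be checked
against the live ATT&CK site before use. The layer keys emitted by
to_navigator_layer are assumed from the Navigator layer file format.
"""
import json

# Constructed sample: technique ID -> (name, tactics it is listed under).
SAMPLE_TECHNIQUES = {
    "T1566": ("Phishing", ["initial-access"]),
    "T1078": ("Valid Accounts", ["initial-access", "persistence",
                                 "privilege-escalation", "defense-evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1041": ("Exfiltration Over C2 Channel", ["exfiltration"]),
}


def techniques_for_tactic(techniques, tactic):
    """Filter: IDs of the techniques listed under one tactic (one matrix column)."""
    return sorted(tid for tid, (_, tactics) in techniques.items() if tactic in tactics)


def cross_tactic_techniques(techniques):
    """Techniques that appear under more than one tactic."""
    return sorted(tid for tid, (_, tactics) in techniques.items() if len(tactics) > 1)


def build_attack_chain(techniques, steps):
    """Turn an ordered list of (technique_id, tactic) pairs into a validated chain.

    Each step must name a known technique, and that technique must really be
    listed under the chosen tactic, so a cross-tactic technique has to be placed
    under the tactic it serves at that point in the chain.
    """
    chain = []
    for step_no, (tid, tactic) in enumerate(steps, start=1):
        if tid not in techniques:
            raise ValueError(f"step {step_no}: unknown technique {tid}")
        name, tactics = techniques[tid]
        if tactic not in tactics:
            raise ValueError(f"step {step_no}: {tid} ({name}) is not listed under {tactic}")
        chain.append({"step": step_no, "techniqueID": tid, "name": name, "tactic": tactic})
    return chain


def to_navigator_layer(name, chain, description=""):
    """Serialize a chain as a Navigator layer dict.

    The score is the step number, so a score gradient renders the chain in order.
    """
    return {
        "name": name,
        "versions": {"layer": "4.4"},  # assumed layer-format version; adjust for your Navigator
        "domain": "enterprise-attack",
        "description": description,
        "techniques": [
            {
                "techniqueID": step["techniqueID"],
                "tactic": step["tactic"],
                "score": step["step"],
                "comment": f"step {step['step']}: {step['name']}",
            }
            for step in chain
        ],
    }


# A constructed phishing-to-exfiltration scenario over the sample table.
SCENARIO = [
    ("T1566", "initial-access"),
    ("T1059", "execution"),
    ("T1003", "credential-access"),
    ("T1078", "privilege-escalation"),  # cross-tactic technique, placed deliberately
    ("T1021", "lateral-movement"),
    ("T1041", "exfiltration"),
]

if __name__ == "__main__":
    chain = build_attack_chain(SAMPLE_TECHNIQUES, SCENARIO)
    print(json.dumps(to_navigator_layer("phishing-to-exfil", chain), indent=2))
```

Run the script and load the printed JSON into the Navigator through its open-existing-layer option; with a score gradient enabled the cells light up in chain order. The validation in build_attack_chain is the check worth keeping: a cross-tactic technique such as Valid Accounts has to be placed under the tactic it actually serves at that step, which is the same ambiguity a defender must resolve before deciding which detection or mitigation covers it.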
Now that we have defined what ATT&CK is, in our next post we will cover the Initial Access tactic and examine the following techniques that attackers can use to gain a foothold in your environment: