{"id":24838,"date":"2021-11-10T15:38:40","date_gmt":"2021-11-10T15:38:40","guid":{"rendered":"https:\/\/cyberleadershipinstitute.com\/?page_id=24838"},"modified":"2023-01-29T10:56:56","modified_gmt":"2023-01-29T10:56:56","slug":"threat-preparedness-using-mitre-attck-2","status":"publish","type":"page","link":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/","title":{"rendered":"Threat Preparedness Using MITRE ATT&CK\u00ae"},"content":{"rendered":"

Threat Preparedness Using MITRE ATT&CK\u00ae<\/strong><\/h1>\n

Keep track of threat tactics and techniques as they evolve.<\/span><\/p>\n

If you’re already a member, click here<\/a> to log in.<\/p>\n

Major Business Pain Points<\/strong><\/h2>\n
    \n
  • To effectively protect your business interests, you need to be able to address what the most pressing vulnerabilities in your network are. Which attack vectors should you model first? How do you adequately understand your threat vectors when attacks continually change and adapt?<\/span><\/span><\/span><\/span><\/li>\n
  • Security can often be asked the world but given a minimal budget with which to accomplish it.<\/span><\/li>\n
  • Security decisions are always under pressure from varying demands that pull even the most well-balanced security team in every direction.<\/span><\/li>\n
  • Adequately modeling any and every possible scenario is ineffective and haphazard at best. Hoping that you have chosen the most pressing attack vectors to model will not work in the modern day of threat tactics.<\/span><\/li>\n<\/ul>\n

    \"Threat<\/span><\/p>\n

    Recommendations<\/strong><\/h2>\n

    Key Points<\/strong><\/em><\/h3>\n
      \n
    • Precision is critical to being able to successfully defend against threats.<\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/li>\n
    • Traditional threat modeling such as STRIDE or PASTA is based on a spray-and-pray approach to identifying your next potential threat vector. Instead, take a structured risk-based approach to understanding both an attacker\u2019s tactics and how they may be used against your enterprise. Threat preparedness requires precision, not guesswork.<\/span><\/span><\/span><\/li>\n
    • Knowing is half the battle.<\/strong><\/span><\/li>\n
    • You may be doing better than you think. Undoubtedly, there is a large surface area to cover with threat modeling. By preparing beforehand, you can separate what\u2019s important from what\u2019s not and identify which attack vectors are the most pressing for your business.<\/span><\/li>\n
    • Be realistic and measured.<\/strong><\/strong><\/span><\/li>\n
    • Do not try to remediate everything. Some attack vectors and approaches are nearly impossible to account for. Take control of the areas that have reasonable mitigation methods and act on those.<\/span><\/li>\n
    • Identify blind spots.<\/strong><\/strong><\/span><\/li>\n
    • Understand what is out there and how other enterprises are being attacked and breached. See how you stack up to the myriad of attack tactics that have been used in real-life breaches and how prepared you are. Know what you\u2019re ready for and what you\u2019re not ready for.<\/span><\/li>\n
    • Analyze the most pressing vectors.<\/strong><\/strong><\/span><\/li>\n
    • Prioritize the attack vectors that are relevant to you. If an attack vector is an area of concern for your business, start there. Do not cover the entire tactics list if certain areas are not relevant.<\/span><\/li>\n
    • Detection and mitigation lead to better remediation.<\/strong><\/strong><\/span><\/li>\n
    • For each relevant tactic and techniques, there are actionable detection and mitigation methods to add to your list of remediation efforts.<\/span><\/li>\n<\/ul>\n

      Approach<\/strong><\/em><\/h3>\n

      \"Threat<\/span><\/p>\n

      Using the MITRE ATT&CK\u00ae<\/sup> framework, the approach helps you understand your preparedness and effective detection and mitigation actions.<\/p>\n

        \n
      • Learn about potential attack vectors and the techniques that hostile actors will use to breach and maintain a presence on your network.<\/span><\/span><\/span><\/span><\/span><\/span><\/li>\n
      • Analyze your current protocols versus the impact of an attack technique on your network.<\/span><\/span><\/span><\/li>\n
      • Discover detection and mitigation actions.<\/span><\/li>\n
      • Create a prioritized series of security considerations, with basic actionable remediation items. Plan your next threat model by knowing what you\u2019re vulnerable to.<\/span><\/li>\n
      • Ensure business data cannot be leaked or stolen.<\/span><\/li>\n
      • Maintain privacy of data and other information.<\/span><\/li>\n
      • Secure the network connection points.<\/span><\/li>\n
      • Mitigate risks with the appropriate services.<\/span><\/li>\n<\/ul>\n

        This blueprint and associated tool are scalable for all types of organizations within various industry sectors, allowing them to know what types of risk they are facing and what security services are recommended to mitigate those risks.<\/p>\n

        Methodology and Tools<\/strong><\/h2>\n

        Executive Brief<\/strong><\/h3>\n

        Read our concise Executive Brief to find out why threat preparedness is a crucial first step in defending your network against any attack type. Review the methodology and understand the ways we can support you in completing this project.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

          \n
        • Threat Preparedness Using MITRE ATT&CK\u00ae \u2013 Executive Brief<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n
        • Threat Preparedness Using MITRE ATT&CK\u00ae \u2013 Phases 1-3<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n

          1. Attack tactics and techniques<\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h3>\n

          Review a breakdown of each of the various attack vectors and their techniques for additional context and insight into the most prevalent attack tactics.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

            \n
          • Threat Preparedness Using MITRE ATT&CK\u00ae \u2013 Phase 1: Attack Tactics and Techniques<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n

            2. Threat Preparedness Workbook mapping<\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h3>\n

            Map your current security protocols against the impacts of various techniques on your network to determine your risk preparedness.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

              \n
            • Threat Preparedness Using MITRE ATT&CK\u00ae \u2013 Phase 2: Threat Preparedness Workbook Mapping<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n
            • Enterprise Threat Preparedness Workbook<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n

              3. Execute remediation and detective measures<\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h3>\n

              Use your prioritized attack vectors to plan your next threat modeling session with confidence that the most pressing security concerns are being addressed with substantive remediation actions.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

                \n
              • Threat Preparedness Using MITRE ATT&CK\u00ae \u2013 Phase 3: Execute Remediation and Detective Measures<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n

                All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.<\/p>\n","protected":false},"excerpt":{"rendered":"

                Threat Preparedness Using MITRE ATT&CK\u00ae Keep track of threat tactics and techniques as they evolve. If you’re already a member, […]<\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"acf":[],"yoast_head":"\nThreat Preparedness Using MITRE ATT&CK\u00ae - Cyber Leadership Institute<\/title>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Embed Security Into the DevOps Pipeline\" \/>\n<meta property=\"og:description\" content=\"Shift security left to get into DevSecOps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Leadership Institute\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/cyberleadershipinstitute\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-29T10:56:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/09-Embed-Security-Into-the-DevOps-Pipeline.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Threat Preparedness Using MITRE ATT&CK\u00ae\" \/>\n<meta name=\"twitter:description\" content=\"Threat Preparedness Using MITRE ATT&CK\u00aeKeep track of threat tactics and techniques as they evolve.If you're already a member, click here to log\" \/>\n<meta name=\"twitter:site\" content=\"@C_L_Institute\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/\",\"name\":\"Threat Preparedness Using MITRE ATT&CK\u00ae - Cyber Leadership Institute\",\"isPartOf\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Pain-Points.jpg\",\"datePublished\":\"2021-11-10T15:38:40+00:00\",\"dateModified\":\"2023-01-29T10:56:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#primaryimage\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Pain-Points.jpg\",\"contentUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Pain-Points.jpg\",\"width\":2400,\"height\":1274},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cyberleadershipinstitute.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Threat Preparedness Using MITRE ATT&CK\u00ae\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#website\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/\",\"name\":\"Cyber Leadership Institute\",\"description\":\"Know You're Ready\",\"publisher\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cyberleadershipinstitute.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#organization\",\"name\":\"Cyber Leadership Institute\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg\",\"contentUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg\",\"width\":512,\"height\":512,\"caption\":\"Cyber Leadership Institute\"},\"image\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/cyberleadershipinstitute\",\"https:\/\/x.com\/C_L_Institute\",\"https:\/\/www.instagram.com\/cyber_leadership_institute\/\",\"https:\/\/www.linkedin.com\/school\/cyberleadershipinstitute\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Threat Preparedness Using MITRE ATT&CK\u00ae - Cyber Leadership Institute","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"en_US","og_type":"article","og_title":"Embed Security Into the DevOps Pipeline","og_description":"Shift security left to get into DevSecOps.","og_url":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/","og_site_name":"Cyber Leadership Institute","article_publisher":"https:\/\/facebook.com\/cyberleadershipinstitute","article_modified_time":"2023-01-29T10:56:56+00:00","og_image":[{"width":1024,"height":576,"url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/09-Embed-Security-Into-the-DevOps-Pipeline.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_title":"Threat Preparedness Using MITRE ATT&CK\u00ae","twitter_description":"Threat Preparedness Using MITRE ATT&CK\u00aeKeep track of threat tactics and techniques as they evolve.If you're already a member, click here to log","twitter_site":"@C_L_Institute","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/","url":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/","name":"Threat Preparedness Using MITRE ATT&CK\u00ae - Cyber Leadership Institute","isPartOf":{"@id":"https:\/\/cyberleadershipinstitute.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#primaryimage"},"image":{"@id":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Pain-Points.jpg","datePublished":"2021-11-10T15:38:40+00:00","dateModified":"2023-01-29T10:56:56+00:00","breadcrumb":{"@id":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#primaryimage","url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Pain-Points.jpg","contentUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Pain-Points.jpg","width":2400,"height":1274},{"@type":"BreadcrumbList","@id":"https:\/\/cyberleadershipinstitute.com\/threat-preparedness-using-mitre-attck-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cyberleadershipinstitute.com\/"},{"@type":"ListItem","position":2,"name":"Threat Preparedness Using MITRE ATT&CK\u00ae"}]},{"@type":"WebSite","@id":"https:\/\/cyberleadershipinstitute.com\/#website","url":"https:\/\/cyberleadershipinstitute.com\/","name":"Cyber Leadership Institute","description":"Know You're Ready","publisher":{"@id":"https:\/\/cyberleadershipinstitute.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cyberleadershipinstitute.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cyberleadershipinstitute.com\/#organization","name":"Cyber Leadership Institute","url":"https:\/\/cyberleadershipinstitute.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/","url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg","contentUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg","width":512,"height":512,"caption":"Cyber Leadership Institute"},"image":{"@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/cyberleadershipinstitute","https:\/\/x.com\/C_L_Institute","https:\/\/www.instagram.com\/cyber_leadership_institute\/","https:\/\/www.linkedin.com\/school\/cyberleadershipinstitute\/"]}]}},"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"authorship-box-avatar":false,"authorship-box-related":false},"uagb_author_info":{"display_name":"nomel ojidrev","author_link":"https:\/\/cyberleadershipinstitute.com\/author\/lem\/"},"uagb_comment_info":0,"uagb_excerpt":"Threat Preparedness Using MITRE ATT&CK\u00ae Keep track of threat tactics and techniques as they evolve. If you’re already a member, […]","_links":{"self":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/pages\/24838"}],"collection":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/comments?post=24838"}],"version-history":[{"count":10,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/pages\/24838\/revisions"}],"predecessor-version":[{"id":35331,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/pages\/24838\/revisions\/35331"}],"wp:attachment":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/media?parent=24838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}