What cyber analytics students should know about MITRE ATT&CK

August 17, 2020

Methods of cyber crime are ever changing, making it difficult to stay on top of the various methods of attack. One resource that catalogs the latest developments in the cyber landscape is MITRE ATT&CK.

Developed by MITRE Corporation, “MITRE ATT&CK is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target,” as stated in the product’s Design and Philosophy document.

ATT&CK is a behavioral model that entails four primary components, as listed in the Design and Philosophy document:

  • Tactics, denoting short-term, tactical adversary goals during an attack
  • Techniques, describing the means by which adversaries achieve tactical goals
  • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques
  • Documented adversary usage of techniques, their procedures, and other metadata

This means that ATT&CK identifies the “how” of a cyber attack – how a system is compromised and how a threat operates once within that system. Knowing the “hows” means cyber analysts are able to react as quickly as possible to a threat, limiting its impact and improving detection.

MITRE has shared ATT&CK with the public at no charge, which means that students and cyber analytics experts alike can access the same information and put it to work. ATT&CK includes information on Windows, macOS, Linux, cloud-based systems, and more.

For students, it provides a real-world look at the current threat landscape. ATT&CK can be used to develop analytics that find threats and to better understand how attackers operate. It can also be used to emulate specific threats, giving students the opportunity to better understand how an attack occurs so that they are better positioned to defend against it.

ATT&CK can also be used by students in conjunction with risk assessment projects, helping students to see actual examples of risk assessment and gap assessment processes and understand what tools, products, or tracking should be implemented for specific scenarios.
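As an added example (not from the original article or from MITRE), here is a small Python model of the tactic/technique/sub-technique hierarchy described above, used for the kind of gap assessment mentioned in the risk assessment paragraph. The knowledge base is a constructed subset of a few real ATT&CK IDs (tactic memberships are trimmed), the detection analytics and their technique mappings are constructed, and the rule that a sub-technique analytic also counts toward its parent technique is an assumption.

```python
# Constructed subset of ATT&CK: a few real tactic/technique IDs, not the full matrix.
TACTICS = {"TA0001": "Initial Access", "TA0002": "Execution", "TA0003": "Persistence"}

# technique ID -> (name, tactics it belongs to). Sub-techniques use the "T1234.001" form.
TECHNIQUES = {
    "T1566": ("Phishing", ["TA0001"]),
    "T1566.001": ("Spearphishing Attachment", ["TA0001"]),
    "T1059": ("Command and Scripting Interpreter", ["TA0002"]),
    "T1059.001": ("PowerShell", ["TA0002"]),
    "T1059.003": ("Windows Command Shell", ["TA0002"]),
    "T1078": ("Valid Accounts", ["TA0001", "TA0003"]),  # tactic list trimmed (constructed)
}

# Constructed detection analytics, each tagged with the techniques it is meant to catch.
ANALYTICS = [
    {"name": "Office app spawning a script host", "techniques": ["T1059.001", "T1059.003"]},
    {"name": "Macro-bearing mail attachment opened", "techniques": ["T1566.001"]},
]


def parent_of(tid):
    """Parent technique of a sub-technique ID ("T1059.001" -> "T1059"), else None."""
    return tid.split(".")[0] if "." in tid else None


def covered_techniques(analytics):
    """IDs with at least one analytic; a covered sub-technique also marks its parent."""
    covered = set()
    for analytic in analytics:
        for tid in analytic["techniques"]:
            if tid not in TECHNIQUES:
                raise KeyError(f"unknown technique ID in analytic mapping: {tid}")
            covered.add(tid)
            parent = parent_of(tid)
            if parent:
                covered.add(parent)
    return covered


def gap_assessment(analytics):
    """Per tactic, the sorted top-level techniques that no analytic touches at all."""
    covered = covered_techniques(analytics)
    gaps = {tac: [] for tac in TACTICS}
    for tid, (_name, tactics) in TECHNIQUES.items():
        if parent_of(tid) is None and tid not in covered:
            for tac in tactics:
                gaps[tac].append(tid)  # one technique can be a gap in several tactics
    return {tac: sorted(ids) for tac, ids in gaps.items()}
```

Running `gap_assessment(ANALYTICS)` reports Valid Accounts as uncovered under both Initial Access and Persistence, while Execution shows no gap because the PowerShell and Windows Command Shell analytics roll up to their parent technique.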

With training modules and strong community involvement, MITRE ATT&CK is a key tool for any student pursuing education in cyber analytics.

Capitol Tech students studying cyber analytics take courses in secure coding, scripting languages, secure data communication and cryptography, penetration testing, and malware analysis/reverse engineering. Students graduate with a strong foundation in programming, information assurance, and analytics, positioning them to be at the top of the field of cyber analytics.

Capitol Tech offers bachelor’s and master’s degrees in cyber analytics. For more information, contact admissions@captechu.edu.
