MITRE ATT&CK For Dummies

By Walker Banerd, May 7, 2020

Everyone knows the “For Dummies” series of books. In fact, I’d wager you’ve read several over the years when you needed to learn about a new topic in an accessible but informative way. I know I have. That’s why I’m excited to announce that D3 has teamed up with the folks behind the “Dummies” books to produce “MITRE ATT&CK For Dummies”. The book has just been released, and you can download it for free, exclusively from the D3 Resource Hub.

We wanted to produce this book because ATT&CK is an integral part of D3 SOAR, used to enrich events with ATT&CK TTPs and much more. In the time since we started integrating ATT&CK into our technology, we have found that levels of understanding of ATT&CK as a framework still vary widely across the cybersecurity world. Many people are curious but don’t know much about it, and many people understand its value but don’t know how to use it in their organization. We wanted to create a definitive overview of ATT&CK for people of all levels of understanding that could tell them what ATT&CK is, where it came from, what makes it different, and how to put it to work.

And don’t worry, the book isn’t just one long ad for D3 SOAR! In fact, we only briefly mention how SOAR can help you leverage ATT&CK. The book is vendor-neutral, with a scope that should be relevant to the entire cybersecurity industry. We think you’ll find it to be a useful resource with many actionable instructions and free tools that you can put to work right away.


What’s in the Book?

MITRE ATT&CK For Dummies begins with background information about MITRE ATT&CK, its origins, why it’s different from other frameworks, and its value in today’s security industry. The book concludes with 10 ways you can get started with ATT&CK in your organization. In between, you’ll find three major sections, each with its own use cases. These sections are where you’ll learn the answer to the question so many people have about MITRE ATT&CK: how do I take all this data and turn it into something that can help my organization stay secure?

Assessment and Analysis

In this section, you’ll learn how to assess your coverage of the ATT&CK techniques that are most relevant to you, expand that coverage to more techniques, and map it to the ATT&CK matrix. We also cover how coverage of ATT&CK techniques can be used to evaluate new security tools.

Intelligence and Investigation

In this section, you’ll learn how to model threats from APT groups that pose a major risk in your industry and map their preferred techniques to ATT&CK to inform your security strategy. You’ll also learn how to map threat intelligence reports, past incidents, and SOAR data to ATT&CK.

Detection and Response

In this section, you’ll learn to put all this knowledge to work proactively by creating analytics to detect techniques, implementing mitigations where possible, and testing your defenses using adversary emulation.


D3: The SOAR with MITRE ATT&CK

Once again, you can download MITRE ATT&CK For Dummies here. I hope you’ll read it and learn something that helps you leverage this powerful framework in your organization. D3 SOAR makes it easy for organizations to leverage ATT&CK by correlating incoming events and indicators against ATT&CK techniques, revealing what your adversaries are trying to do. D3’s specialized dashboards make ATT&CK information visible and understandable, with at-a-glance visualizations such as the occurrence of each technique in your environment.

If you want to learn more about how D3 SOAR uses MITRE ATT&CK to enable proactive security operations, schedule a one-on-one demo with one of our product experts.

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.
