Information Security News mailing list archives

Experts advocate for 'ATT&CK' as go-to framework to share threat intel


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 24 Oct 2018 05:40:28 +0000 (UTC)

https://www.cyberscoop.com/mitre-attck-framework-experts-advocate/

By Zaid Shoorbajee
cyberscoop
OCT 23, 2018

Different cybersecurity companies have their own unique ways of talking about the threats they track. That can be frustrating when they need to share critical information about APT28, Fancy Bear, Sofacy or STRONTIUM -- all of which are names used by different companies for one prominent Russian hacking group.

Experts say that the "ATT&CK" framework -- a model for organizing detailed information about how a threat group behaves -- has been gaining in popularity and helping organizations share threat intelligence.

MITRE Corp., a federally funded nonprofit organization that manages public-private technology partnerships, started developing ATT&CK in 2013. The group says the framework has ballooned into a popular way for people performing different roles in cybersecurity to speak the same language. MITRE held its first-ever ATT&CKcon on Tuesday in McLean, Virginia, where various vendors convened to discuss how the framework has streamlined their practice of threat intelligence sharing.

ATT&CK provides defenders with spreadsheet-style matrices that structure the way one can talk about an attacker’s tactics, techniques and procedures (TTP). The tables include different observable methods of persistence, exfiltration, lateral movement and other granular pieces of information.

[...]
