Chapter 3. Dissecting Frameworks and Strategies

MITRE is a nonprofit organization that operates research and development centers sponsored by the US government. One of its essential areas of expertise is cybersecurity, and the organization has made significant contributions to the field through its work on adversary emulation (AE). It has been at the forefront for years, developing many tools and methodologies that help organizations improve their cybersecurity posture. The best known is MITRE ATT&CK, a comprehensive matrix of the TTPs used by cyber adversaries. Cybersecurity professionals widely use it as a reference when designing and evaluating security systems.

The Cyber Analytics Repository (CAR), a collection of open source analytics for detecting and responding to cyber threats, is among the additional tools and resources that MITRE has created to help with adversary simulation. CAR includes analytics for various TTPs and platforms such as Windows, Linux, and Android. MITRE has also researched various aspects of cybersecurity, including publishing several papers on the use of deception in cybersecurity, which involves using false or misleading information to deceive or misdirect attackers. This approach can be applied in different ways, such as by planting fake access information or deploying decoy systems to divert attackers from the organization’s real assets and buy time for a proper response.

The use of machine learning, including developing algorithms for threat identification and classification, ...
