MITRE ATT&CK® is a knowledge base that helps model cyber adversaries' tactics and techniques—and then shows how to detect or stop them.
Cyber adversaries are shapeshifters: notoriously intelligent, adaptive, and persistent. They learn from every attack, whether it succeeds or fails. They can steal personal data, damage business operations, or disrupt critical infrastructure.
But there is a lot we can learn from cyber adversaries. And that’s where MITRE comes in. We developed MITRE ATT&CK®, a globally accessible knowledge base of adversary behavior.
ATT&CK is freely available to everyone—including the private sector, government, and the cybersecurity product and service community—to help develop specific threat models and methodologies. The ATT&CK knowledge base outlines common tactics, techniques, and procedures used by cyber adversaries. In doing so, ATT&CK provides a common language for defenders to have conversations about emerging threats and develop effective defensive strategies.
Along with the ATT&CK Matrix for Enterprise, we also provide specific guidance for cloud, Windows, macOS, mobile, and industrial control systems.
Building a Community Around Threat-Informed Defense
ATT&CK isn’t just a knowledge base. We’re building a community of cyber professionals from government, academia, and the private sector. ATT&CK users from 226 different countries and territories contribute real-world observations and learn from the tactics and techniques identified in the matrix.
The ATT&CK team continues to expand and update the framework to help defenders reduce vulnerabilities, understand known behaviors, and recognize threats before adversaries carry out their objectives.
MITRE Engenuity™, our tech foundation that collaborates with the private sector on challenges that demand public interest solutions, is helping to support the growth of the ATT&CK and threat-informed defense communities:
- The Center for Threat-Informed Defense™ brings together sophisticated security teams from leading organizations around the world to conduct and share research that improves the collective ability to prevent, detect, and respond to cyber attacks.
- MITRE Engenuity ATT&CK® Evaluations help cybersecurity vendors improve their offerings and provide defenders with insights into a product’s capabilities and performance. Evaluations follow a rigorous, transparent methodology, using a collaborative, threat-informed purple-teaming approach to evaluate solutions within the context of ATT&CK.
- MITRE ATT&CK Defender™ offers a “living certification” approach that validates mastery of using MITRE ATT&CK to improve threat-informed defenses. MAD training is free.