Inside Cybersecurity: New threat detection taxonomy in ATT&CK framework

As reported by Jaden Beard of Inside Cybersecurity, new details on threat detection strategies are coming to the MITRE ATT&CK® framework.

“What I’m introducing today is nothing short of a complete restructuring change to detections within the MITRE ATT&CK framework,” MITRE ATT&CK Defense Lead Lex Crumpton said during ATT&CKcon 6.0.

Version 18 of MITRE ATT&CK will be published on Oct. 28.

ATT&CK Lead Adam Pennington said, “The bulk of our work, of any release, is updates, and additions to techniques, sub-techniques, mitigations, groups, software, campaigns across all our three domains, but we do have some major changes coming to the detections-side of ATT&CK.”

He said the changes to threat detection are “the most significant update to ATT&CK’s defensive architecture since 2020 in terms of breaking things and changes to STIX,” an open-source format for structuring and exchanging cyber threat intelligence.

Crumpton said the restructuring of ATT&CK’s detection capabilities marks a transition from isolated threats to the ability to map threats to a full chain of potential adversary behavior over time.

The detection strategies will serve as a “behavioral-first blueprint that defines what the adversary behavior is, and why it matters” to help organizations better mitigate cyber threats, Crumpton said. “This isn’t just an incremental improvement; this is going to be a paradigm shift in order for us to help defenders move from isolated events to understanding full causal chains of adversary behaviors across enterprises.”

The changes apply to the enterprise, mobile and industrial control systems domains, and span 10 platforms.
