
MITRE ATT&CK Used for Cybersecurity Skills Development

By Mapping Skills and Training to MITRE ATT&CK, Skill Levels Can be Visualized in Real-Time

MITRE ATT&CK (adversarial tactics, techniques and common knowledge) is a knowledge base of adversarial attack techniques. It has, so far, been used primarily by security vendors to check whether their products can detect specific attack processes, and by companies to check whether their defenses will prevent those attacks.

Immersive Labs, a cybersecurity skills development firm, has now added a new twist -- the integration of MITRE ATT&CK into its skills development platform. This means, says the firm, "organizations can map and manage specific people's skills to actual risks."

"The MITRE ATT&CK knowledge base," explains Richard Struse, MITRE's chief strategist for cyber threat intelligence, "provides a common language for the cybersecurity community to use when describing adversary behaviors. We continue to be inspired by the ways the entire community is using ATT&CK to improve their defenses."

The problem with traditional teaching methods is that the knowledge taught cannot keep pace with the latest evolving attack methods. However, MITRE ATT&CK has become the de facto repository for the latest information discovered by a cybersecurity industry that constantly battles malicious attackers. It is, by its nature, as up to date with the latest threats as possible.

Testing technology against these threats is relatively simple; but, comments James Hadley, CEO and co-founder of Immersive Labs, "it's much harder to do against the skills of team members. By mapping skills and training to ATT&CK, organizations' skill levels can be visualized in real-time, highlighting gaps or potential for increased investment and improving security teams' ability to prevent and respond to events."

By taking real-time feeds of the latest attack techniques into a gamified learning environment, the platform seeks to improve organizations' skill pool in two specific areas. Firstly, it ensures that senior members of the security team have an understanding of the very latest threats, while secondly it allows for detection and targeted remediation of any general weaknesses in the talent pool.


Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.