Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Training & Awareness

MITRE ATT&CK Used for Cybersecurity Skills Development

By Mapping Skills and Training to MITRE ATT&CK, Skill Levels Can be Visualized in Real-Time

By Mapping Skills and Training to MITRE ATT&CK, Skill Levels Can be Visualized in Real-Time

MITRE ATT&CK (adversarial tactics, techniques and common knowledge) is a knowledge base of adversarial attack techniques. It has, so far, been used primarily by security vendors to check whether their products can detect specific attack processes, and by companies to check whether their defenses will prevent them.

Immersive Labs, a cybersecurity skills development firm, has now added a new twist — the integration of MITRE ATT&CK into its skills development platform. This means, says the firm, “organizations can map and manage specific people’s skills to actual risks.”

“The MITRE ATT&CK knowledge base,” explains Richard Struse, MITRE’s chief strategist for cyber threat intelligence, “provides a common language for the cybersecurity community to use when describing adversary behaviors. We continue to be inspired by the ways the entire community is using ATT&CK to improve their defenses.”

The problem with traditional teaching methods is the knowledge taught cannot keep pace with the latest evolving attack methods. However, MITRE ATT&CK has become the de facto repository for the latest information discovered by the cybersecurity industry that constantly battles malicious attackers. It is, by its nature, as up to date with the latest threats as possible.

Testing technology against these threats is relatively simple; but, comments James Hadley, CEO and co-founder of Immersive Labs, “it’s much harder to do against the skills of team members. By mapping skills and training to ATT&CK, organizations skill levels can be visualized in real-time, highlighting gaps or potential for increased investment and improving security teams’ ability to prevent and respond to events.”

By taking real-time feeds of the latest attack techniques into a gamified learning environment, the platform seeks to improve organizations’ skill pool in two specific areas. Firstly, it ensures that senior members of the security team have an understanding of the very latest threats, while secondly it allows for detection and targeted remediation of any general weaknesses in the talent pool.

Related: Where To Begin With MITRE ATT&CK Matrix 

Advertisement. Scroll to continue reading.

Related: Level the Security Operations Playing Field With MITRE ATT&CK 

Related: MITRE ATT&CK Matrix Used to Evaluate Endpoint Detection and Response Products 

Related: MITRE Uses ATT&CK Framework to Evaluate Enterprise Security Products

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.