• Home
  • /Learn
  • /Find a Pen Testing Provider That Uses the MITRE ATT&CK Framework
background image

Blog

Find a Pen Testing Provider That Uses the MITRE ATT&CK Framework

certification

Find a Pen Testing Provider That Uses the MITRE ATT&CK Framework

The MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The framework provides a common language for describing attacks and can be used to improve detection, analysis, and response capabilities.

The MITRE ATT&CK framework is a measure that is increasing in popularity among penetration testing teams. MITRE Engenuity published the first-ever ATT&CK evaluations for ICS (Industrial Control Systems), which focused on techniques related to notorious threat groups, particularly Carbanak and FIN7. 

But why do MITRE evaluations hold this importance, and how can you use this framework to assist in audits that can help you cover security gaps in your enterprise IT network? 

Understanding MITRE ATT&CK Framework and Matrices

The ATT&CK framework, which stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge, was introduced by MITRE in 2013. It helps organizations describe and categorize adversarial behaviours as per real-world observations. It is a structured list of known attacker behaviours compiled into multiple tactics and techniques expressed in the form of matrices. 

The MITRE ATT&CK framework is a comprehensive representation of behaviours attackers often employ to compromise networks, making it very useful for various offensive and defensive representations and measurements.

The question it aims to address is

"How well are we detecting documented adversary behaviour?"

The MITRE ATT&CK Has Three Versions:

  1. ATT&CK for Enterprise: Focuses on adversarial behaviour in Windows, Mac, Linux, and Cloud environments.

  2. ATT&CK for Mobile: Focuses on adversarial behaviour on iOS and Android operating systems.

  3. ATT&CK for ICS: Focuses on describing the actions an adversary may take while operating within an ICS network.

Why Do You Need MITRE ATT&CK Framework?

ATT&CK offers a lot of value in everyday settings. For instance, any defensive activity referencing attackers and their behaviours can benefit from ATT&CK’s taxonomy. It provides a common lexicon for cyber defenders and helps you lay a strong foundation for penetration testing and red teaming. It brings defenders and red teamers on the same page with a common language when referring to adversarial behaviours.

You can use ATT&CK’s taxonomy for: 

  • Mapping Defensive Controls and Threat Hunting: When referenced against the ATT&CK tactics and techniques, defensive controls may have well-understood meaning for them. Mapping defences to ATT&CK also help you create a roadmap of defensive gaps and provides threat hunters, i.e., the perfect places where you can identify missed attacker activities.

  • Sharing: MITRE ATT&CK framework helps the defenders ensure common understanding when sharing information about defensive controls or an attack, actor, or group.

  • Detections and Investigations: Your Security Operations Center (SOC) and incident response team can use detected or uncovered ATT&CK techniques and tactics to understand where defensive strengths and weaknesses exist. You can also use it to validate mitigation and detection controls while uncovering misconfigurations and other operational issues.

  • Tool Integrations and Referencing Actors: You can use ATT&CK tactics and techniques to standardize disparate tools and services, lending cohesiveness to an often-lacking defence. It also helps reference actors, especially those associated with specific, definable behaviours.

Finding a Penetration Tester Provider That Uses the MITRE ATT&CK Framework

Penetration testing services play an important role in securing your enterprise network since they help you evaluate the security of your IT systems by simulating actual cyberattacks. The provider deliberately tries to break into your systems, devices and data when conducting penetration testing. When choosing a penetration testing partner, we recommend selecting one that uses the MITRE ATT&CK framework.

If you’re looking for a penetration testing provider with expertise in the MITRE ATT&CK framework, Packetlabs is a perfect choice.

Packetlabs methodologies, frameworks and standards are derived from the following and are enhanced by our internal team:

  • MITRE ATT&CK framework for enterprises

  • OWASP testing methodology (OWASP top 10 mobile, API, web, ASVS)

  • SANS Pentest Methodology

  • NIST SP800-115 to ensure compliance with most regulatory requirements.

  • SOC2 Type II Accredited

  • Canadian Data Residency

  • No Outsourcing

  • No Egos, Ever

  • No False Positive Findings

  • Coverage-Based Approach

  • OSCP-Minimum Staffing

  • 95% Manual Testing

  • Quick Engagement Starts

  • Open Retest Time Frame

Sign up for our newsletter

Get the lastest blog posts in your inbox biweekly!