Glossary

MITRE ATT&CK Framework


MITRE ATT&CK

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a guideline for classifying and describing cyberattacks and intrusions. Created by the MITRE Corporation, the framework consists of 14 tactical categories, each representing a “technical objective” of an adversary.

The MITRE ATT&CK framework provides guidance on how best to prevent and respond to cyberthreats, and is essential for understanding, prioritizing, and mitigating cyberattack risks.

MITRE ATT&CK can help:

– Strengthen cyberthreat intelligence

– Improve alert triage and investigations

– Create realistic scenarios and emulation plans for red team exercises

– Implement strong mitigation controls

RidgeBot® ACE support for MITRE ATT&CK

RidgeBot® Adversary Cyber Emulation (ACE) prevents cyberattacks by preempting opportunities for bad actors. RidgeBot® ACE includes complete coverage of the MITRE ATT&CK Framework. It applies AI-driven decision making; it’s modeled with a collective knowledge of threats, vulnerabilities, and exploits; and it’s equipped with state-of-the-art ethical hacking techniques.

To measure security control effectiveness, RidgeBot® ACE software agents simulate real-world cyberattacks without impacting the organization’s IT environment.

Assessment Test Script – A group of scripted behaviors carried out to simulate a specific cyberattack or validate the security controls.

Key Measurement Block Rate – The ratio of blocked scripts to all assessment scripts executed during RidgeBot® ACE testing.

Endpoint Security – Simulates the behavior of malicious software, or downloads malware signatures to validate the security controls of targeted endpoints.

Data Exfiltration – Simulates the unauthorized movement of data from servers, e.g., personal, financial, confidential data, software source code, and more.

Active Directory Information Recon – Simulates an attacker gathering useful resources in Windows Active Directory for privilege elevation, persistence, and plundering information.