MITRE ATT&CK Tactics Are Not Tactics

Just what are “tactics”?

Introduction

MITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It’s a minor point, but I wanted to document it in case it confuses anyone else.

At a high level, ATT&CK is a behavioral model that consists of the following core components:

• Tactics, denoting short-term, tactical adversary goals during an attack;

• Techniques, describing the means by which adversaries achieve tactical goals;

• Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and

• Documented adversary usage of techniques, their procedures, and other metadata.

My concern is with MITRE’s definition of “tactics” as “short-term, tactical adversary goals during an attack,” which is oddly recursive.

The key word in the tactics definition is goals. According to MITRE, “tactics” are “goals.”

Examples of ATT&CK Tactics

MITRE ATT&CK “Tactics,” https://attack.mitre.org/tactics/enterprise/

Looking at this list, the first 11 items could indeed be seen as goals. The last item, Impact, is not a goal. That item is an artifact of trying to shoehorn more information into the ATT&CK structure. That’s not my primary concern though.

Military Theory and Definitions

As a service academy graduate who had to sit through many lectures on military theory, and who participated in small unit exercises, the idea of tactics as “goals” does not make any sense.

I’d like to share three resources that offer a different perspective on tactics. Although all three are military, my argument does not depend on that association.

In his book On Tactics, B. A. Friedman defines tactics as “the use of military forces to achieve victory over opposing enemy forces over the short term.” (emphasis added)

“Tactics, in warfare, the art and science of fighting battles on land, on sea, and in the air. It is concerned with the approach to combat; the disposition of troops and other personalities; the use made of various arms, ships, or aircraft; and the execution of movements for attack or defense…

The word tactics originates in the Greek taxis, meaning order, arrangement, or disposition — including the kind of disposition in which armed formations used to enter and fight battles. From this, the Greek historian Xenophon derived the term tactica, the art of drawing up soldiers in array. Likewise, the Tactica, an early 10th-century handbook said to have been written under the supervision of the Byzantine emperor Leo VI the Wise, dealt with formations as well as weapons and the ways of fighting with them.

The term tactics fell into disuse during the European Middle Ages. It reappeared only toward the end of the 17th century, when “Tacticks” was used by the English encyclopaedist John Harris to mean ‘the Art of Disposing any Number of Men into a proposed form of Battle…’”

From these three examples, it is clear that tactics are about use and disposition of forces or capabilities during engagements. Goals are entirely different. Tactics are the methods by which leaders achieve goals.

How Did This Happen?

I was not a fly on the wall when the MITRE team designed ATT&CK. Perhaps the MITRE team fixated on the phrase “tactics, techniques, and procedures,” or “TTPs,” again derived from military examples, when they were designing ATT&CK? TTPs became hot during the 2000s as incident responders with military experience drew on that language when developing concepts like indicators of compromise. That fixation might have led MITRE to use “tactics” for their top-level structure.

It would have made more sense for MITRE to have just said “goal” or “objective,” but “GTP” isn’t recognized by the digital defender world.

It’s Not Just the Military

Some readers might think “ATT&CK isn’t a military tool, so your military examples don’t apply.” I use the military references to show that the word tactic does have military origins, like the word “strategy,” from the Greek Strategos or strategus, plural strategoi, (Greek: στρατηγός, pl. στρατηγοί; Doric Greek: στραταγός, stratagos; meaning “army leader”).

That said, I would be surprised to see the word tactics used as “goals” anywhere else. For example, none of these examples from the non-military world involve tactics as goals:

This guide for ice hockey coaches mentions tactics like “give and go’s, crossing attacks, cycling the puck, chipping the puck to space and overlapping.”

In the civilian world, tactics are how leaders achieve goals or objectives.

Conclusion

In the big picture, it doesn’t matter that much to ATT&CK content that MITRE uses the term “tactics” when it really means “goals.”

However, I wrote this article because the ATT&CK design and philosophy emphasizes a common language, e.g., ATT&CK “succinctly organizes adversary tactics and techniques along with providing a common language used across security disciplines.”

If we want to share a common language, it’s important that we recognize that the ATT&CK use of the term “tactics” is an anomaly. Perhaps a future edition will change the terminology, but I doubt it given how entrenched it is at this point.
