Global Security Forum

Challenges in Adopting MITRE ATT&CK

  • 1.  Challenges in Adopting MITRE ATT&CK

    Posted Wed March 10, 2021 04:12 PM
    I'm interested in Community feedback from those who have decided to adopt MITRE ATT&CK as a resource contributing to their security program. Inside IBM Security Services, we've adopted a point of view that MITRE ATT&CK can be incorporated at multiple levels, specifically, at a minimum:

    1. Strategically: understanding the exposure of assets deemed critical by the business; this can inform risk decisions and resource allocation for your security strategy
    2. Operationally: for example, incorporating detection logic into monitoring systems like SIEMs based on the techniques in MITRE ATT&CK; or a common framework for Red and Blue team operations members to test security controls.

    Are organizations using MITRE ATT&CK more operationally than strategically? Where is adoption most problematic, strategic or operational, or other? An "other" might be the ever expanding nature of MITRE ATT&CK and keeping up with the growth of the framework.

    To be transparent, I might speak, anonymously and in aggregate, about the feedback received here in an upcoming webinar I'll be participating in. If there are other challenges, or way in which organizations are using MITRE ATT&CK, please share those as well and of course, everyone is welcome to hear our additional insights in the webinar on March 24th. You can find the event here in the Events page:

    https://community.ibm.com/community/user/security/all-events

    or the specific link is:

    https://community.ibm.com/community/user/security/events/event-description?CalendarEventKey=649c24f4-217d-4090-a1a4-38c0a3f061cb&CommunityKey=96f617c5-4f90-4eb0-baec-2d0c4c22ab50&Home=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2frecent-community-events

    ------------------------------
    John Velisaris
    ------------------------------