A quick breakdown of the ATT&CK matrix

What is the ATT&CK matrix?

MITRE has organized all information pertaining to its various observations about attacker behavior and
methods of attacks into the ATT&CK matrix.

It is made up of two components:

Tactics

These are the immediate goals of the attackers, such as reconnaissance to identify weak spots in the perimeter, initial access tactics to break into the network, and exfiltration to steal the data. Attackers commonly use multiple tactics to achieve their goals.

Techniques

These are the methods used by attackers to achieve their tactical goals. The matrix is built in such a way that each tactic has multiple techniques listed for it. For example, for a lateral movement tactic, there are close to 20 techniques and sub-techniques.

Additionally, MITRE offers mitigation measures for the various cyberattack tactics and techniques in the matrix.

To which platforms and technologies is the matrix applicable?

The matrix is available in multiple formats to suit various technologies and platforms, including:

Enterprise IT systems

Windows, macOS, Linux, PRE Matrix, Azure AD, Microsoft 365, Google Workspace, SaaS, IaaS, networks, and containers.

Mobile devices

How does this matrix benefit your business?

Identifies gaps in your defense strategy

It helps you assess the organization's existing security practices and strategies to identify any gaps. A common method is to carry out red team vs. blue team exercises, which let businesses test and enhance their security measures proactively in response to current cybersecurity trends.

Provides post-compromise detection

This matrix gives you a comprehensive picture of the actions an attacker has taken and their likely next moves. This gives the security team a head start on implementing immediate security measures in response, so that there is minimal or no damage or loss of data.

Aligns with the ever-evolving cybersecurity landscape

The ATT&CK framework has been continuously updated since it was introduced in 2013. This helps businesses stay on top of current trends in cybersecurity, as the framework contains detailed information on a variety of platforms and devices.

Helps you develop a robust threat mitigation plan

Understanding the various attack techniques can help businesses counter them. This allows them to prioritize security, set up hygienic cybersecurity practices, and draft secure mitigation plans and first-response protocols for diverse cyberthreats.

Operationalizes and automates practices for efficient security

Organizations can use this framework to standardize and automate security practices, using AI-based automation to detect attack techniques and enforce suitable defense and mitigation measures. This is especially useful for small businesses and organizations that lack in-house expertise in cybersecurity threats and practices.

MITRE mitigation techniques

In addition to the ATT&CK matrix, MITRE lists over 40 mitigation techniques to help fend off cyberattacks. But to get the most out of these resources, you must use them in combination with a robust IAM solution like ADManager Plus, which can help you safeguard your business against all these attacks.

5 must-know MITRE mitigation techniques for secure Active Directory management

Why 5? Not all organizations have the resources to implement all the mitigation measures recommended by MITRE. For organizations unable to implement all of these measures, these five mitigation techniques are a good place to start.
  • Active Directory configuration
  • Account use policies
  • Multi-factor authentication
  • User account management
  • Data backup

AD configuration

Manage access control lists for permissions pertaining to domain controllers and replication.
Make use of GPOs to isolate and secure access to critical systems in a network.
Remove unsecured credentials and disable vulnerable GPO settings.
Clean up security identifier attribute history after account migrations.

How can ADManager Plus help you implement this?
  • Centralized management of AD objects (like users, computers, contacts, GPOs, OUs, and groups), Microsoft 365, Exchange, Google Workspace, Skype for Business, and more
  • Options for single and bulk management of AD objects
  • Reactive templates that can be customized with rules and conditions aimed at reducing manual errors
  • Custom automations to provision and manage user accounts and more

Account use policies

Set account lockout policies to lock accounts after a given number of attempts and prevent brute-force attacks, password spraying, and more.
Keep track of logon attempts through reports to detect anomalous user behavior.

How can ADManager Plus help you implement this?
  • Dedicated, prebuilt reports for listing locked out users, the number of logon attempts, users with dial-in access, user accounts that never expire, and more
  • Quick, easy management options to manage user accounts right from the reports
  • Scheduling options to automatically generate and email reports to the security team
  • A custom report builder

MFA

Enforce MFA for access to AD, critical files, and servers.
Privileged accounts should also be able to log on only after MFA.

How can ADManager Plus help you implement this?
  • Supports SSO and SAML logon security options for accessing AD through the product
  • Secure delegation of AD management tasks with audit trails

User account management

Enforce the principle of least privilege to restrict visibility to dashboards and critical modules in IT tools and applications that work with critical data.
Implement access control mechanisms with both authentication and authorization for information repositories and databases.
Permanent access assignments should be replaced with just-in-time access as much as possible.

How can ADManager Plus help you implement this?
  • Secure delegation of AD management tasks with role- and profile-based access to AD management capabilities and dashboard visibility for technicians
  • Approval-based workflows for secure execution of critical tasks
  • Custom automations for critical tasks like stale account cleanup to remove inactive user accounts with excess privileges
  • A disable and delete policy for instantly revoking the access privileges of user accounts belonging to former employees, employees moving to different teams, and fired employees to prevent abuse of privileges
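The AD configuration, account use policies, and user account management sections above each name something an administrator can check directly in Active Directory: the domain lockout policy, accounts currently locked out, leftover SID history after migrations, passwords that never expire, and stale-but-enabled accounts. The following read-only audit script is an added example, not part of ADManager Plus or MITRE's own material; it assumes the RSAT ActiveDirectory PowerShell module, a domain-joined account with read access, and a 90-day inactivity cutoff (an assumption, adjust to your policy).

```powershell
# Added example: read-only hygiene audit for the five checks discussed above.
# Assumes the RSAT ActiveDirectory module and a domain-joined reader account.
Import-Module ActiveDirectory

function Invoke-AdHygieneAudit {
    param([int]$InactiveDays = 90)   # assumed cutoff for "stale" accounts

    # 1. Account use policies: a lockout threshold of 0 means brute force and
    #    password spraying are never throttled by the domain policy.
    $policy = Get-ADDefaultDomainPasswordPolicy

    # 2. Logon tracking: accounts locked out right now (a spraying symptom
    #    when many lock out within one observation window).
    $lockedOut = Search-ADAccount -LockedOut -UsersOnly |
        Select-Object SamAccountName, LastLogonDate

    # 3. AD configuration: SID history left behind after account migrations.
    $sidHistory = Get-ADUser -Filter { SIDHistory -like "*" } -Properties SIDHistory |
        Select-Object SamAccountName, @{ n = 'SIDHistory'; e = { $_.SIDHistory -join ';' } }

    # 4. User account management: enabled accounts whose password never expires.
    $neverExpires = Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $true } |
        Select-Object SamAccountName

    # 5. Stale accounts: still enabled but inactive past the cutoff; these are
    #    the accounts a disable/delete policy should be catching.
    $stale = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) -UsersOnly |
        Where-Object { $_.Enabled } |
        Select-Object SamAccountName, LastLogonDate

    [PSCustomObject]@{
        LockoutThresholdSet   = ($policy.LockoutThreshold -gt 0)
        LockoutThreshold      = $policy.LockoutThreshold
        LockoutDuration       = $policy.LockoutDuration
        LockoutWindow         = $policy.LockoutObservationWindow
        LockedOutAccounts     = @($lockedOut)
        SidHistoryAccounts    = @($sidHistory)
        PasswordNeverExpires  = @($neverExpires)
        StaleEnabledAccounts  = @($stale)
    }
}

# Run the audit and show counts; each list can be expanded for follow-up.
$report = Invoke-AdHygieneAudit -InactiveDays 90
$report | Format-List
```

Any non-empty list in the report maps back to one of the five mitigations above, so the output doubles as a to-do list for the cleanup and policy changes the page recommends.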

Data backup

Draft IT disaster recovery plans that include regular backups and procedures for the secure recovery of critical data.
Maintenance practices for testing backup and recovery processes should also be in place.

How can ADManager Plus help you implement this?
  • Full or incremental backups of all AD objects, including users, computers, contacts, groups, OUs, GPOs, dynamic distribution groups, and DNS nodes and zones
  • Recovery of AD objects (even those that are past their tombstone lifetime) without restarting the domain controllers
  • Automated periodic backups of AD with scheduling options

Why ADManager Plus?

With cyberattacks rising faster than ever, MITRE ATT&CK is invaluable for assisting businesses with making threat-informed decisions and fortifying their security. Yet, in order to build upon this framework, businesses need a sustainable, scalable IAM solution that works in tandem with MITRE resources. ManageEngine ADManager Plus is a web-based IAM solution with an intuitive, easy-to-use interface built to manage and report on AD, Microsoft 365, Exchange, Google Workspace, Skype for Business, and more, all from a single console.

Download ADManager Plus

© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.