Over the last several weeks we’ve published posts on getting started with ATT&CK by using it for threat intelligence, for detection and analytics, and for adversary emulation. In part four of our mini-series, we’re going to talk about assessments and engineering, showing how you can use ATT&CK to measure your defenses and enable improvement. In many ways this post builds upon the prior ones, so check them out if you haven’t already!
To make this process more accessible — and following along with the other posts — we’ve broken this post down into three levels based on sophistication and resource availability:
- Level 1 for those just starting out who may not have many resources,
- Level 2 for mid-level teams starting to mature, and
- Level 3 for those with more advanced cybersecurity teams and resources.