Getting Started with ATT&CK: Assessments and Engineering


Over the last several weeks we’ve published posts on getting started with ATT&CK by using it for threat intelligence, for detection and analytics, and for adversary emulation. In part four of our mini-series, we’re going to talk about assessments and engineering, showing how you can use ATT&CK to measure your defenses and enable improvement. In many ways this post builds upon the prior ones, so check them out if you haven’t already!

To make this process more accessible — and following along with the other posts — we’ve broken this post down into three levels based on sophistication and resource availability:

  • Level 1 for those just starting out who may not have many resources,
  • Level 2 for those who are mid-level teams starting to mature, and
  • Level 3 for those with more advanced cybersecurity teams and resources.
