Threat Modelling with MITRE ATT&CK®
First of all – why is threat modelling important when implementing programs of change?
Whether it is a web application or a hosting infrastructure project, identifying issues as early in the lifecycle as possible is massively important. Threat modelling is an invaluable tool when used early in the design phase – before any infrastructure or application code is written. With the potential threats and associated risks identified, Security Architects and Software Engineers can address them during development instead of after.
DevOps and software engineers can also put in compensating controls that lessen the likelihood of a vulnerability being exploited and/or lessen the impact of an exploit.
It is generally understood that shifting security to the left is an important way of securing workloads and producing higher quality services. Threat modelling is yet another tool in the Secure Design toolbox.
What is MITRE?
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The video below provides a great overview:
While there are many ways to use ATT&CK, using it to assess your cyber defense capability is one of the important ones.
In the framework, there are twelve main areas of tactics, with a number of techniques under each of these areas.
ATT&CK Navigator is a great tool for starting to assess your current capability to defend against different types of attacks, find gaps, and adjust your strategy and roadmap accordingly.
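As an added example (not part of the original article), the sketch below turns a design-phase threat model into a layer file that can be loaded into ATT&CK Navigator and lists the uncovered techniques per tactic. The project, the controls and the scoring scheme are constructed for illustration, and the layer format version is an assumption to adjust to your Navigator release.

```python
import json

# Constructed sample data: techniques judged relevant to a hypothetical
# hosting project, with the controls believed to cover them (empty = gap).
THREAT_MODEL = {
    "T1566": ("initial-access", "Phishing", ["mail filtering", "user reporting"]),
    "T1078": ("initial-access", "Valid Accounts", ["MFA"]),
    "T1059": ("execution", "Command and Scripting Interpreter", []),
    "T1003": ("credential-access", "OS Credential Dumping", ["EDR"]),
    "T1021": ("lateral-movement", "Remote Services", []),
    "T1486": ("impact", "Data Encrypted for Impact", ["offline backups"]),
}

def score(controls):
    """Illustrative scoring: 0 = gap, 1 = single control, 2 = layered."""
    return min(len(controls), 2)

def build_layer(model, name="Design-phase coverage"):
    """Return a dict in the Navigator layer JSON structure."""
    techniques = [
        {"techniqueID": tid, "tactic": tactic, "score": score(controls),
         "comment": ", ".join(controls) or "GAP: no control identified"}
        for tid, (tactic, _name, controls) in sorted(model.items())
    ]
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},  # assumed; match your Navigator release
        "techniques": techniques,
        # Red for gaps, yellow for a single control, green for layered controls
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": 0, "maxValue": 2},
    }

def gaps_by_tactic(model):
    """Group techniques that have no control under their tactic."""
    gaps = {}
    for tid, (tactic, tname, controls) in sorted(model.items()):
        if not controls:
            gaps.setdefault(tactic, []).append(f"{tid} {tname}")
    return gaps

if __name__ == "__main__":
    with open("coverage_layer.json", "w") as fh:
        json.dump(build_layer(THREAT_MODEL), fh, indent=2)
    for tactic, items in gaps_by_tactic(THREAT_MODEL).items():
        print(f"{tactic}: {', '.join(items)}")
```

Opening the generated `coverage_layer.json` in Navigator colours each technique by score, so the gaps to feed back into the design stand out in red.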