What Is MITRE ATT&CK?

MITRE ATT&CK is a knowledge base of the methods that attackers use against enterprise systems, cloud apps, mobile devices, and industrial control systems. ATT&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, can help you understand how cyber attackers think and work.

What is MITRE?

The MITRE Corporation is a non-profit organization, founded in 1958, that provides engineering and technical guidance on advanced technology problems like cybersecurity for a safer world.

Why is ATT&CK important?

ATT&CK amasses information that can help you understand how attackers behave so you can better protect your organization and defend against cyber threats.

What is an ATT&CK Matrix?

MITRE organizes its observations about attack behaviors into tables called Matrices. Each Matrix addresses a different target, like enterprise operating systems and cloud platforms, mobile devices, or industrial control systems.

What are TTPs?

ATT&CK's descriptions of tactics, techniques, and procedures (TTPs) provide deep insight into attacker behavior. Tactics describe attackers' goals, like getting inside your network or stealing credentials. Techniques show how they achieve those goals. Procedures are highly detailed examples of the tools and actions of specific attacker groups.

What are ATT&CK Mitigations?

Mitigations explain how to defend against attacker TTPs. A single Mitigation can apply to multiple TTPs; for instance, multi-factor authentication addresses account manipulation, brute force, external remote services, and many others.

ATT&CK Matrices

ATT&CK Matrix for Enterprise

The Enterprise Matrix is designed for defenders of Windows, macOS, Linux, and Cloud platforms like AWS, GCP, Azure, Azure AD, Office 365, and SaaS.


ATT&CK for Mobile

The Mobile Matrix is intended for defenders of Android and iOS mobile platforms.


ATT&CK ICS

This Matrix is geared for defenders of industrial control systems (ICS) including operations technology (OT) and Industrial Internet of Things (IIoT) devices.


PRE-ATT&CK

The PRE-ATT&CK Matrix educates security teams on what attackers do before they strike, like gathering information, selecting targets, and identifying weaknesses that can be exploited.