
MITRE ATT&CK Framework Mapped to Awake Detections

The MITRE ATT&CK Framework is a widely used knowledge base of adversary tactics, techniques and procedures (TTPs) observed in real attacks against enterprise networks. It organizes TTPs by the stage of an attack they serve, from initial access to data exfiltration and every activity in between.

While it started out with a primarily endpoint-focused view, the Framework has evolved as MITRE works with more industry researchers (including those at Awake Security) to broaden the set of known TTPs and the detection capabilities relevant to them. That evolution acknowledges that tools with visibility across an entire network can detect threats beyond the reach of endpoint agents, including activity on unmanaged infrastructure such as shadow IT, Internet of Things (IoT) devices, and Operational Technology (OT) networks.

MITRE ATT&CK Framework & Network Traffic Analysis

Because it understands network behaviors in depth, Awake fills the gaps left by endpoint and log-based detection tools: it has a view of the entire network and can judge whether a particular activity makes sense for a specific environment. The following datasheet details the types of techniques Awake detects and how they map to the tactics of the MITRE ATT&CK Framework, including:

  • Initial access
  • Execution
  • Persistence
  • Privilege escalation
  • Defense evasion
  • Credential access
  • Discovery
  • Lateral movement
  • Collection
  • Command and control (C&C)
  • Exfiltration
  • Impact
  • …plus a bonus technique that is currently not part of the Framework, but one Awake considers to be an important pre-attack condition that must be considered.

Increasingly, customers use the MITRE ATT&CK Framework to identify gaps in their security defenses. This is especially true as they look to invest in solutions like Awake that can bridge those gaps, improve detection efficacy, and uncover threats their existing tools cannot detect, particularly when hunting for attackers rather than waiting on alerts. For instance, credential access, command and control, lateral movement and exfiltration continue to challenge customers, even those with relatively mature security programs.

The MITRE ATT&CK Framework was developed out of a need to first understand common TTPs and to then enable the creation of solutions that can detect and mitigate those threats. As the threat landscape continues to evolve, so will Awake. Schedule a demo to learn more today.

Rudolph Araujo

VP, Marketing