Awake Covers the Spectrum of the MITRE ATT&CK Framework

The MITRE ATT&CK Framework is a curated knowledge base of the adversary tactics, techniques, and procedures (TTPs) used in attacks against organizations. It was developed first to document these common TTPs and then to enable solutions that can detect and mitigate the corresponding threats in both enterprise and mobile environments.

While the framework was developed with a primarily endpoint-focused view of the world, it is evolving over time as MITRE works with more industry researchers, including those from Awake Security, to broaden the scope of documented TTPs and the detection capabilities that cover them. This evolution acknowledges that tools with visibility across an entire network can detect threats that lie beyond the scope of the endpoint. Such tools have a distinct advantage in detecting attacks on unmanaged infrastructure, including shadow IT, Internet of Things (IoT) and Operational Technology (OT) networks, and the cloud.

The MITRE ATT&CK Framework maps TTPs across the stages and activities of an attack, from initial access to data exfiltration and every activity in between. Many of these activities go far beyond the endpoint, particularly in the later stages, and this is where many existing security tools reach their limits. Awake Security, by contrast, has a view of the entire network and the ability to judge whether a particular activity makes sense for a specific environment. With a deep understanding of network behaviors, Awake fills the gaps left by endpoint and log-based detection tools. For example, Awake has insight into an attacker learning the network from the inside while moving laterally.
