Mick Douglas 🇺🇦🌻


Sep 22

6 tweets

Look folks, MITRE's ATT&CK Matrix is great... but did you know there are firms (and attackers) who do stuff that's not on the matrix? 1

Also, if you really do have 100% coverage, that's great... but please understand that within each technique there's nearly an infinity of options on how to obfuscate or hide. 2

MITRE has repeatedly stated that ATT&CK is NOT a checklist. Those of you who are treating it as such are going to be in for some VERY rude reality checks at some point in the future. 3

I think ATT&CK is great. Use it, but don't over-use it. It's a community consensus project. It's not holy text carved into some stone tablets. 4

I think MITRE is awesome. You should check out CWE. That's a project that the community SHOULD be focusing on SO SO SO SO much more. If you're looking for something closer to a checklist... CWE is what you really want. 5

I'll just finish this rant with this. MITRE's ATT&CK is great. Use it. But don't think that it'll save you. It's a thought pattern... it's a common set of terms... it is NOT a path to certain victory... but used correctly it can and should improve your security posture. 6

Mick Douglas 🇺🇦🌻


Consultant for InfoSec Innovations | SANS Principal Instructor | IANS Faculty | I like information security. How about you?
