Foreword v
Introduction 1
  About This Book 1
  Icons Used in This Book 1
  Beyond the Book 2
Chapter 1: Understanding MITRE ATT&CK and Cybersecurity 3
  Identifying What MITRE ATT&CK Is 4
  Using Threat Intelligence and MITRE ATT&CK 6
  Deploying a Threat-Informed Defense and ATT&CK 8
Chapter 2: Using Threat Intelligence and Threat-Informed Defense 9
  Level 1: Using CTI with Limited Resources 10
  Level 2: Working with a More Developed Team 10
  Level 3: CTI with an Advanced Team 12
Chapter 3: Building Detection and Analytics 13
  Level 1: Limited Resources 13
    Understanding analytics 14
    Incorporating analytics into your SIEM 14
  Level 2: Using Analytics on a More Developed Team 16
  Level 3: Using Analytics on an Advanced Team 16
Chapter 4: Conducting Emulations and Purple Teaming 19
  Level 1: Adversary Emulation with Limited Resources 19
  Level 2: Adversary Emulation with Moderate Resources 21
  Level 3: Adversary Emulation on an Advanced Team 22
Chapter 5: Developing Assessments and Engineering 25
  Level 1: Conducting Assessments with Limited Resources 26
  Level 2: More Advanced Analytics and Engineering 27
  Level 3: Advanced Analytics and Engineering 29
Chapter 6: Making MITRE ATT&CK Operational 31
  Moving from Threat Intelligence to Threat-Informed Defense 31
  Mapping Success across the Organization 32
Chapter 7: Looking at a Use Case: Leveraging MITRE ATT&CK in the Financial Sector 35
  Meeting the Firm 35
  Defining the Threats 36
  Understanding Your Adversaries 36
  Making ATT&CK Useful 37
  Seeing the End Result 38
Chapter 8: Ten Ways to Apply the MITRE ATT&CK Framework 39
  Cyberthreat Intelligence 39
  Automated Testing and Auditing 40
  Security Risk Management and Strategy 40
  Regulatory and Compliance Mapping 40
  Security Control Rationalization 41
  Analyst Training and Exercises 41
  Threat Hunting 41
  Commercial Security Solutions Evaluations 41
  Security Pipeline Validation 42
  Business Enablement 42