The MITRE ATT&CK framework has become a valuable tool for security teams to identify gaps in their threat detection capabilities. When ExtraHop added MITRE ATT&CK mapping to our Reveal(x) product interface, our customers were delighted. Many immediately wanted to learn more about how network data is used for threat detection and response.
In the latest release, version 9, MITRE has updated ATT&CK to include new attack techniques and to give a fuller treatment of the network as a data source, with input from ExtraHop. Previously, network data was under-represented in the ATT&CK framework. Most tactics, techniques, and procedures (TTPs) relied on endpoint monitoring and activity logs (both of which are important and still heavily represented) for threat detection and response. By contributing this expertise to the MITRE ATT&CK framework, ExtraHop will help security teams fill one of the biggest security tooling and visibility gaps: the network.