We have explained the process of threat modeling and the related steps including scope definition, asset identification, threat research and mapping, risk and vulnerability assessment and monitoring and evaluation. We also explained and covered the MITRE ATT&CK framework that is used to study and map attacker’s tactics, techniques and procedures with the identified assets in the threat modeling plan.

Get Blue Team Notes

What is Threat Modelling?

Threat modelling is a systematic approach to identifying, prioritising, and addressing potential security threats across the organisation. By simulating possible attack scenarios and assessing the existing vulnerabilities of the organisation’s interconnected systems and applications, threat modelling enables organisations to develop proactive security measures and make informed decisions about resource allocation.

Threat modelling aims to reduce an organisation’s overall risk exposure by identifying vulnerabilities and potential attack vectors, allowing for adequate security controls and strategies. This process is essential for constructing a robust defence strategy against the ever-evolving cyber threat landscape.

MITRE ATT&CK Framework

For a quick refresher, let’s define MITRE ATT&CK again.

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive, globally accessible knowledge base of cyber adversary behaviour and tactics. Developed by the MITRE Corporation, it is a valuable resource for organisations to understand the different stages of cyber attacks and develop effective defences.

The ATT&CK framework is organised into a matrix that covers various tactics (high-level objectives) and techniques (methods used to achieve goals). The framework includes descriptions, examples, and mitigations for each technique, providing a detailed overview of threat actors’ methods and tools.

Utilising MITRE ATT&CK for Different Use Cases

Aside from incorporating MITRE ATT&CK in a threat modelling process, MITRE ATT&CK can be used in various cases depending on your organisation’s needs. To wrap up this task, here is a list of some use cases for utilising this framework.

  1. Identifying potential attack paths based on your infrastructureBased on your assets, the framework can map possible attack paths an attacker might use to compromise your organisation. For example, if your organisation uses Office 365, all techniques attributed to this platform are relevant to your threat modelling exercise.
  2. Developing threat scenariosMITRE ATT&CK has attributed all tactics and techniques to known threat groups. This information can be leveraged to assess your organisation based on threat groups identified to be targeting the same industry.
  3. Prioritizing vulnerability remediationThe information provided for each MITRE ATT&CK technique can be used to assess the significant impact that may occur if your organisation experiences a similar attack. Given this, your security team can identify the most critical vulnerabilities to address.

Room Answers

What is the technique ID of “Exploit Public-Facing Application”?

Under what tactic does this technique belong?

How many MITRE ATT&CK techniques are attributed to APT33?

Upon applying the IaaS platform filter, how many techniques are under the Discovery tactic?

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles