Mitre Mapping


Often, the first step in protecting networks and data is to figure out how attackers might act. Network defenders depend on this information to find and stop intrusions. The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) system is a knowledge base that can be accessed anywhere in the world (Kwon et al., 2020). It is based on real observations of the tactics and techniques of adversaries. The ATT&CK knowledge base is used to build specialized threat models and methods for businesses, the government, and the community of cybersecurity product and service providers. ATT&CK is free, available to anyone, and can be used by any company on the planet. Its goal is to get communities to work together to make better cybersecurity. In their analysis, Al-Shaer, Spring, and Christou (2020, p.3) define the MITRE ATT&CK architecture as one that shows how a security attack can be done in many different ways. It shows the common strategies, operational procedures, and tactics used in sophisticated, persistent attacks on business networks. Successful ATT&CK applications should provide a clear and consistent set of mappings that can be used in reporting for detection, response, and mitigation, as well as for making adversary profiles and analyzing activity trends.

For network protection, analysts can choose their own starting point when using MITRE mapping based on the information they have and how well they know ATT&CK. One example is the difference between the words tactics and techniques. The first step in getting rid of areas of possible intrusion is to be aware of them. Looking for signs of attack is different from looking for signs of compromise, malware file hashes, URLs, domain names, and other traces of a previous attack (Georgiadou, Mouzakitis, and Askounis, 2021). The first step of a MITRE mapping process is to look for signs of how the attacker interacts with different platforms and applications to find a pattern of strange or suspicious behavior (Kwon et al., 2020, p. 107). At this point in the process, analysts try to figure out how the initial breach happened and how the post-breach activity was done.

In the second stage, behavior analysis is done in order to determine how best to protect networks. More research might be needed to get the background information needed to understand why an adversary or program might be acting in a hostile way. Analysts have to look at the original source reports to see how the behavior was described. There are also reports from security groups, government cyber groups, international CERTs, and internet sources that may be helpful in the mapping process (Tatam et al., 2021). Even though not every adversary operation can be broken down into techniques and sub-techniques, a mix of technical details can show the overall behavior and goals of the adversary. The analysts have to look for words that will help them figure out what is going on. In reports, it is common to look for key verbs that point to adversary behavior. Analysts can use phrases such as "execute a command", "make a connection", "create a scheduled task", and "send a connection request".

The next step is to figure out what tactics have been used. Analysts must carefully look over the report to figure out how the adversary attacked and where the attack was going as a whole within a network. The first step in this process is to figure out the adversary’s tactics, which are also called their goals. Focus on the adversary’s goals and what drives them instead of their techniques. A common approach is to look for signs that could show whether the adversary wanted to steal, destroy, or escalate their privileges (Hacks et al., 2021). After the mapping is done, analysts must look at the definitions of the tactics to see if the behaviors seen could be interpreted as falling under a certain tactic. If analysts know how the attack went, they may be able to figure out what techniques or sub-techniques an attacker used.

The next thing for analysts to do is to decide what techniques are used, in accordance with the network they operate in. Analysts must look at the technical details of how the adversary plans to reach their goals when they are mapping. This comes after figuring out what the adversary is doing. For example, in order to know how to respond, analysts need to know how the attacker got in the first time. One of the most important things to think about is whether or not access was gained through spear phishing or a third-party remote service (Ahmadjee et al., 2022, p. 7). The next step in MITRE mapping is to narrow down the options by looking at the report and judging the behaviors that have been seen. Analysts can only map down to the tactic level if they don’t have enough information to identify a technique, and this level of analysis doesn’t give any information that can be acted on. Analysts are taught to see an adversary’s techniques and sub-techniques as parts of their playbook, not as separate things they do on their own. Adversaries often use the information they get from each operation to decide what techniques to use next in the attack cycle. So, the techniques of an attack are often linked together.

The fifth step of mapping is to list all of the different sub-techniques that are used within a network. Analysts should read through the descriptions of the sub-techniques to see if they match the information in the report. When there is alignment, it usually means that the current sub-technique is right. Because the reporting isn’t always clear, Pell et al. (2021) note that it may not be possible to figure out the exact sub-technique in some cases. When there isn’t enough information to find a sub-technique, you should only map everything to the parent technique. If it’s hard to figure out what a sub-technique is, it might not always be there. New information could either confirm a mapping or show that more research needs to be done on an alternative mapping (Georgiadou, Mouzakitis, and Askounis, 2021, p. 3267). There is always a chance that a certain behavior points to a new technique that ATT&CK hasn’t looked into yet. This is very important to keep in mind.

Finally, at the end of the mapping process, it should be possible to compare the results to what other analysts have found. Analysts must work with other analysts to improve their maps, since mapping is a group activity. Working on mappings with other analysts is helpful because it gives you a wider range of perspectives and sheds light on other points of view. This may help you become more aware of possible analyst bias. Using a methodical approach that includes peer review and consultation can help people share different points of view, learn more, and improve performance as a whole (Pell et al., 2021). Peers could look at a report with notes on the proposed strategy, methods, and sub-techniques to map TTPs that were missed in the first study. If this method is used, the mapping work of the whole team might be more consistent.
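
The mapping steps described above can be sketched in code. The following is an added example, not part of the original essay: the rule table, the report sentences and the function names are constructed assumptions, and the ATT&CK IDs are a small hand-picked subset. It finds key verbs, maps to the tactic, narrows to a technique, falls back to the parent technique or tactic when the sentence lacks detail, and lists where two analysts disagree.

```python
import re

# Constructed rule table (an assumption, not an official ATT&CK data set):
# (key-verb pattern, tactic, parent technique, {detail pattern: sub-technique})
RULES = [
    (r"spear.?phish", "TA0001 Initial Access", "T1566 Phishing",
     {r"attachment": "T1566.001 Spearphishing Attachment",
      r"\blink\b": "T1566.002 Spearphishing Link"}),
    (r"remote service", "TA0001 Initial Access",
     "T1133 External Remote Services", {}),
    (r"execut\w* (a |the )?command", "TA0002 Execution",
     "T1059 Command and Scripting Interpreter",
     {r"powershell": "T1059.001 PowerShell"}),
    (r"creat\w* (a |the )?scheduled task", "TA0003 Persistence",
     "T1053 Scheduled Task/Job",
     {r"schtasks|windows": "T1053.005 Scheduled Task"}),
    # The goal is visible but the method is not: tactic-level mapping only.
    (r"(ma[dk]es?|sen[dt]s?) (a |the )?connection",
     "TA0011 Command and Control", None, {}),
]

# Constructed report sentences (sample input, not from a real report).
REPORT = [
    "The actor gained access through a spear phishing email with a malicious attachment.",
    "The implant executed a command using PowerShell.",
    "It then created a scheduled task to run at logon.",
    "The malware made a connection to an external server.",
    "The operators reviewed internal documents.",
]

def map_sentence(sentence):
    """Return (tactic, technique, sub_technique); None where the text gives no support."""
    text = sentence.lower()
    for pattern, tactic, technique, subs in RULES:
        if re.search(pattern, text):
            # Claim a sub-technique only when the sentence carries the detail for it.
            sub = next((s for p, s in subs.items() if re.search(p, text)), None)
            return tactic, technique, sub
    return None, None, None  # no rule fits; needs manual review

def most_specific(mapping):
    """Deepest supported level: sub-technique, else parent technique, else tactic."""
    tactic, technique, sub = mapping
    return sub or technique or tactic or "UNMAPPED"

def peer_disagreements(mine, peer):
    """Sentences that two analysts mapped differently, as input for peer review."""
    return {s: (mine.get(s), peer.get(s))
            for s in mine.keys() | peer.keys() if mine.get(s) != peer.get(s)}

if __name__ == "__main__":
    for s in REPORT:
        print(f"{most_specific(map_sentence(s)):45} <- {s}")
```

The scheduled-task sentence names no platform or tool, so it stays at the parent technique, and the connection sentence stays at the tactic level.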

Reference List

Ahmadjee, S., Mera-Gómez, C., Bahsoon, R. and Kazman, R., 2022, ‘A study on blockchain architecture design decisions and their security attacks and threats’, ACM Transactions on Software Engineering and Methodology (TOSEM), vol. 31, no. 2, pp.1-45.

Al-Shaer, R., Spring, J.M. and Christou, E., 2020, ‘Learning the associations of mitre att&ck adversarial techniques’, In 2020 IEEE Conference on Communications and Network Security (CNS) (pp. 1-9). IEEE.

Georgiadou, A., Mouzakitis, S. and Askounis, D., 2021, ‘Assessing mitre att&ck risk using a cyber-security culture framework’, Sensors, vol. 21, no. 9, p.3267.

Hacks, S., Butun, I., Lagerström, R., Buhaiu, A., Georgiadou, A. and Michalitsi Psarrou, A., 2021, ‘Integrating security behavior into attack simulations’, In The 16th International Conference on Availability, Reliability and Security (pp. 1-13).

Kwon, R., Ashley, T., Castleberry, J., Mckenzie, P. and Gourisetti, S.N.G., 2020, ‘Cyber threat dictionary using mitre att&ck matrix and nist cybersecurity framework mapping’, In 2020 Resilience Week (RWS) (pp. 106-112). IEEE.

Pell, R., Moschoyiannis, S., Panaousis, E. and Heartfield, R., 2021, ‘Towards Dynamic Threat Modelling in 5G Core Networks Based on MITRE ATT&CK’, arXiv preprint arXiv:2108.11206.

Tatam, M., Shanmugam, B., Azam, S. and Kannoorpatti, K., 2021, ‘A review of threat modelling approaches for APT-style attacks’, Heliyon, vol. 7, no. 1, p.e05969.
