Fortinet Inc.

12/03/2021 | Press release | Distributed by Public on 12/03/2021 11:06

Understanding the Attack Chain Helps to Counter Threats

Security teams are struggling to keep pace with the changes in their networks: hybrid work, multi-cloud, the explosion of IoT and BYOD devices, and 5G. Meanwhile, cybercriminals have been undergoing their own digital transformation. Machine learning, agile development, and new sophisticated attacks, combined with Dark Web crime-as-a-service offerings, mean that attacks are faster, harder to detect, and better at finding and exploiting vulnerabilities. In fact, a recent FortiGuard Labs threat report demonstrated that ransomware increased tenfold in the last year.

Understanding the MITRE Attack Chain

Effectively defending against cyberattacks today requires security teams to work smarter rather than harder. Cybercriminal strategies target every link in an attack chain, from gathering information and gaining access, to moving laterally across the network to discover resources to target, to evading detection while exfiltrating data. Traditional security strategies, however, tend to focus on only a handful of attack components, which gives criminals a significant advantage.

To address today's challenges, security teams need a combination of tools, strategy, automation, and skilled professionals to monitor the entire attack chain and automate as much of the process as possible, so that human resources can be focused on higher-order analysis and response. Choosing such tools, however, requires understanding the entire length of the attack chain and how vulnerabilities in each of its links can compromise the security of your network.

To assist with this, MITRE has mapped the attack chain into fourteen discrete links, along with examples of the types of attacks that target each link in that chain. To effectively counter today's advanced threats, security teams need to familiarize themselves with each link in the chain and map each one directly to functional areas and tools within their own networks.