Microsoft, Industry Partners Unveil Criterion for Mitre ATT&CK Prioritization

A Mitre-operated research and development organization and Microsoft (Nasdaq: MSFT) have launched a collaborative project with other industry partners in an effort to provide cybersecurity professionals with an open methodology for prioritizing Mitre ATT&CK techniques based on organizational needs.

The initiative identified prevalence, choke point and actionability as the three factors in establishing the top ATT&CK techniques that could help in spotting threat trends, the Microsoft 365 Defender Research Team wrote in a blog post published Wednesday.

According to the Mitre Center for Threat-Informed Defense, Microsoft and their partners, prevalence or the usage frequency of an ATT&CK technique could indicate which one is more likely to be employed in multiple attack scenarios while choke points could help map behaviors or steps throughout attack chains. Lastly, actionability represents an opportunity for technique detection and mitigation.

The project also listed the top 10 techniques used in ransomware attacks and provided a web-based calculator to assist in applying the methodology to various scenarios.

Microsoft, Industry Partners Unveil Criterion for Mitre ATT&CK Prioritization

On May 18, the Potomac Officers Club will host its 2022 CMMC Forum to share federal and industry-led efforts to comply with the Cybersecurity Maturity Model Certification requirements of the Department of Defense. The event will feature cybersecurity executives and officials who will share their insights about the new framework. Microsoft’s federal business arm is one of the event sponsors. Click here to register!

Sponsor