STANDARDISED LANGUAGE AND CONTEXT
The MITRE ATT&CK framework provides a standardised language and contextual framework for describing security vulnerabilities. This allows security professionals to communicate and report vulnerabilities in a consistent and clear manner.
ENHANCED VISIBILITY AND PRIORITISATION
The MITRE ATT&CK framework helps security teams gain better visibility into the potential impact of a vulnerability. By mapping the vulnerability to specific tactics and techniques, it becomes easier to assess the level of risk associated with the vulnerability and prioritise remediation efforts accordingly.
COMPLEXITY AND GRANULARITY
The MITRE ATT&CK framework is detailed and extensive, encompassing numerous tactics, techniques, and sub-techniques. Salus Cyber solves this by optionally including post-exercise washup meetings, where the complexities of the relevant areas of the framework can be explained in greater detail.
LIMITED COVERAGE OR GAPS
The MITRE ATT&CK framework is continuously evolving and being updated with new adversary tactics and techniques. However, there may still be instances where a vulnerability does not have a direct match within the framework, especially if it involves emerging or unique attack vectors. Using a combination of the MITRE ATT&CK framework, NCSC CAF, and our own categorisation methodology, Salus Cyber consultants can relate the vulnerabilities in your network in objective, understandable terms that are useful for your organisation.