MITRE ATT&CK organizes how adversaries operate so defenders can align detections, controls, and testing to real-world behavior.
How teams use ATT&CK
- Gap analysis: map current detections to coverage gaps.
- Purple teaming: simulate techniques to test controls.
- Threat intelligence: enrich incidents with adversary context.
Helpful resources
- Enterprise matrix for traditional and cloud environments.
- Managed services navigator for mapping controls to ATT&CK.
- Regular updates from MITRE’s open-source community.