MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally recognized framework developed by the MITRE Corporation. Designed to categorize adversary tactics and techniques observed in real-world cyberattacks, it provides organizations with actionable insights to improve threat detection, response, and overall cybersecurity posture.
Often referred to as the ATT&CK Matrix, MITRE ATT&CK Framework, or simply the MITRE Framework, it organizes attacker behaviors into tactics (objectives) and techniques (methods) across specific domains like Enterprise, Mobile, and Industrial Control Systems (ICS). For more details, consult the official MITRE ATT&CK website.
The framework is critical for modern cybersecurity because it standardizes how organizations analyze, detect, and mitigate threats. Key benefits include:
Tactics represent high-level goals adversaries aim to achieve during an attack. Examples include:
Techniques describe how attackers achieve specific objectives. Examples include:
The framework organizes adversarial behaviors across environments:
Security Operations Center (SOC) teams map attacker behaviors to the ATT&CK Matrix to improve detection capabilities and prioritize responses.
Using this framework, red and purple teams replicate real-world threats to identify weaknesses and validate defenses. For a deeper dive into these simulation methods, explore Red Teaming.
Security teams use the framework to evaluate whether existing tools can detect or mitigate specific adversarial techniques. Learn how this process complements Security Control Validation to ensure defenses are robust and up to date.
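A minimal sketch of the mapping and validation steps described above, added here as an illustration and not taken from MITRE or from this page's publisher: it tags detection rules with ATT&CK technique IDs and reports which techniques and tactics have no detection. The technique subset is a small hand-picked sample of Enterprise ATT&CK, and the rule names and the `T9999` tag are constructed for the example.

```python
from collections import defaultdict

# Small constructed subset of Enterprise ATT&CK: technique ID -> (name, tactics).
TECHNIQUES = {
    "T1566": ("Phishing", ["Initial Access"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1547": ("Boot or Logon Autostart Execution", ["Persistence", "Privilege Escalation"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1486": ("Data Encrypted for Impact", ["Impact"]),
}

# Constructed detection-rule inventory; rule names and tags are hypothetical.
RULES = [
    {"name": "office_spawns_shell", "techniques": ["T1059", "T1566"]},
    {"name": "lsass_memory_read", "techniques": ["T1003"]},
    {"name": "encoded_powershell", "techniques": ["T1059"]},
    {"name": "legacy_rule_unknown_tag", "techniques": ["T9999"]},  # not in the subset
]

def coverage(rules, techniques):
    """Return (rules per technique, uncovered technique IDs, unknown tags)."""
    by_technique = {tid: [] for tid in techniques}
    unknown = set()
    for rule in rules:
        for tid in rule["techniques"]:
            if tid in by_technique:
                by_technique[tid].append(rule["name"])
            else:
                unknown.add(tid)  # stale or mistyped tag: flag it, do not count it
    uncovered = sorted(t for t, names in by_technique.items() if not names)
    return by_technique, uncovered, sorted(unknown)

def tactic_summary(by_technique, techniques):
    """Per tactic: (covered techniques, total techniques in the subset)."""
    summary = defaultdict(lambda: [0, 0])
    for tid, (_, tactics) in techniques.items():
        for tactic in tactics:
            summary[tactic][1] += 1
            if by_technique[tid]:
                summary[tactic][0] += 1
    return {tactic: tuple(counts) for tactic, counts in summary.items()}

if __name__ == "__main__":
    by_tech, uncovered, unknown = coverage(RULES, TECHNIQUES)
    for tactic, (hit, total) in tactic_summary(by_tech, TECHNIQUES).items():
        print(f"{tactic:22} {hit}/{total}")
    print("No detection for:", [(t, TECHNIQUES[t][0]) for t in uncovered])
    print("Tags not in matrix subset:", unknown)
```

A rule tagged with a technique is a claim of coverage, not proof of it; the uncovered list shows where to write detections, and the covered list shows what still needs to be validated by testing.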
Incident response teams use the MITRE ATT&CK Framework to analyze attack patterns, predict adversary actions, and guide mitigation efforts.
Each variation reflects the framework’s global recognition and its applicability across various cybersecurity use cases.