Matrices/Platforms

Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
>> Welcome to Module 1, Lesson 2, matrices and platforms.
00:00
In this lesson, we will explore how
00:00
matrices are used to visualize ATT&CK,
00:00
begin to understand the differences
00:00
between various ATT&CK platforms,
00:00
and identify the relationships
00:00
between these different platforms.
00:00
You may have already seen this, but ATT&CK is
00:00
typically visualized in what we call a matrix,
00:00
which captures the relationships between tactics,
00:00
techniques, and sub-techniques.
00:00
ATT&CK is not one matrix though,
00:00
rather a series or collection of matrices,
00:00
each of which focuses on
00:00
a specific technology domain or
00:00
ecosystem that the adversary is operating within.
00:00
This is ATT&CK's oldest and most popular matrix
00:00
which captures the enterprise technology domain.
00:00
The enterprise technology domain is indicative of
00:00
a traditional enterprise network
00:00
and associated cloud technologies.
00:00
As we can see, this matrix is comprised of
00:00
14 tactics and various techniques
00:00
that an adversary may perform.
00:00
Within each technology domain,
00:00
ATT&CK also defines what we call
00:00
platforms or specific systems
00:00
that an adversary may operate against.
00:00
In the case of enterprise,
00:00
we can see there are various platforms defined,
00:00
which may be indicative of
00:00
operating systems or specific applications,
00:00
such as Windows, Linux,
00:00
macOS, Cloud, or network.
00:00
Enterprise also includes the pre-platform,
00:00
which captures behaviors performed by
00:00
an adversary pre-compromise,
00:00
such as those under
00:00
the reconnaissance and resource development tactics.
00:00
ATT&CK also includes technology domains
00:00
outside of enterprise, such as mobile,
00:00
which has platforms for Android and iOS,
00:00
and ATT&CK for industrial control systems,
00:00
or ICS, which includes
00:00
behaviors performed against various
00:00
operational technologies.
00:00
Although distinct, overlapping redundancies
00:00
often exist between matrices.
00:00
This is based on the fact that adversaries perform
00:00
very similar behaviors between
00:00
different technology domains and platforms.
00:00
They may also perform actions
00:00
that span various technologies.
00:00
With that, we reach our knowledge check for Lesson 2.
00:00
True or false? Each ATT&CK matrix
00:00
is completely distinct from other matrices.
00:00
Please pause the video and take a second to think
00:00
of the correct answer before proceeding.
00:00
The answer to this knowledge check is false.
00:00
There are very often
00:00
overlapping redundancies between matrices within ATT&CK.
00:00
With that, we've reached the end of Lesson 2.
00:00
In summary, matrices capture
00:00
the relationship between tactics,
00:00
techniques, and procedures within ATT&CK.
00:00
Each matrix focuses on a specific technology domain,
00:00
it may also be filtered down to a specific platform.
00:00
Finally, while ATT&CK matrices are unique,
00:00
very often their relationships can overlap in many ways.