Archived Projects

ATT&CK for Containers

Project Summary

This project investigated the viability of adding container-related techniques to MITRE ATT&CK, leading to the development of an ATT&CK for Containers matrix. This work covers both orchestration-level (e.g., Kubernetes) and container-level (e.g., Docker) adversary behaviors in a single Containers platform, which has been incorporated in version 9 of ATT&CK. The project team worked with contributors from around the world to identify and refine both existing ATT&CK techniques and completely new container-specific ones.

Problem

Defenders lack visibility into adversary behaviors in and against container technologies, leaving their organizations exposed to emerging threats.

Solution

Expand MITRE ATT&CK to describe adversary behaviors in and against container technologies, including Docker and Kubernetes.

Impact

Brings focus to adversary behaviors in an emergent domain by leveraging the well-understood and widely adopted ATT&CK methodology.

