MITRE ATT&CK Stages: How MDR Can Help

For years, security practitioners and stakeholders have searched for a common language to describe threats and align appropriate defenses. MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world threat observations. It spans every stage from reconnaissance, often the first stage of an attack, when an attacker is gathering information about a potential target, through to data exfiltration and business impact.

At Pondurance, we protect our Managed Detection and Response (MDR) customers at every stage of the ATT&CK framework with our 24/7 monitoring, detection and response services. This graphic describes the different ATT&CK stages, attacker methods and how we help our clients.

MITRE ATT&CK Stages

Reconnaissance

What are their goals?

Search for victims and find a way in.

Methods

Research internet-facing devices, running applications, open ports and unpatched vulnerabilities.

How Pondurance Helps

Our Vulnerability Management service adds precision, priority and efficiency, reducing the attack surface presented to would-be attackers.

Our MDR service can detect reconnaissance activities, initiate proactive blocking and leverage threat intelligence to distinguish between opportunistic and targeted attackers.


Resource Development

What are their goals?

Build, buy or partner to get the tools needed for an attack.

Methods

Prepare for the attack by choosing the exploits to run and the domains and malware to use.

How Pondurance Helps

Our threat research team, a component of our MDR service, maintains a view into new attacker tools, techniques and infrastructure, such as newly observed domains (NODs).

Initial Access

What are their goals?

Take advantage of an operational or technical vulnerability to get “one foot in the door”.

Methods

Leverage brute force, stolen credentials, software vulnerabilities or spear phishing techniques to gain access.

How Pondurance Helps

By monitoring network, endpoint, application, cloud infrastructure and end-user activity, and applying threat intelligence and analytics, our MDR service identifies attackers attempting to gain access and quickly closes the door on them.


Execution

What are their goals?

Get a victim’s system to do what they want it to do.

Methods

Leverage malicious code or benign software to run commands of interest on a target machine.

How Pondurance Helps

Our MDR service identifies malware both in transit and on endpoints. We apply machine learning and artificial intelligence to uncover previously unknown malware samples, blocking them prior to execution.

Persistence

What are their goals?

Ensure they can maintain access even if passwords are changed.

Methods

Manipulate credentials, authentication keys, system boot instructions or install a backdoor.

How Pondurance Helps

Our MDR service actively monitors for and prevents unauthorized changes to persistence locations while actively hunting for prior compromises. This includes monitoring for changes that differ from normal day-to-day activity, by location or time of day.


Privilege Escalation

What are their goals?

Gain more permissions on the victim systems.

Methods

Escalate their privileges in the victim’s network, either by creating an admin account or by changing settings. Their main target is often the highest privilege they can obtain, which is the domain controller.

How Pondurance Helps

Our MDR service both blocks and monitors for attempts to modify credential management processes or the domain controller.

Defense Evasion

What are their goals?

Avoid being detected by security controls.

Methods

Cover their footprints by modifying audit logs, blending in as a normal user or using packed or obfuscated tools.

How Pondurance Helps

While attackers are attempting to cover their tracks and blend in, our MDR service blocks and monitors for attempts to modify audit logs and impersonate legitimate processes, while actively monitoring for attacks on security controls.


Credential Access

What are their goals?

Gain access to legitimate usernames and passwords.

Methods

Use techniques such as keylogging, credential dumping or brute force methods to gain access to credentials and expand access across systems.

How Pondurance Helps

Our MDR service detects and blocks attempts to execute credential-stealing techniques, while closely monitoring and protecting key credential stores such as the domain controller.

Discovery

What are their goals?

Study the network and connected systems.

Methods

Scour the network to understand accounts, software and systems on the internal network, often using native tools.

How Pondurance Helps

While many discovery techniques are designed to look benign, our MDR service actively monitors for these occurrences and leverages analytics to distinguish between legitimate and malicious occurrences.


Lateral Movement

What are their goals?

Move to other systems.

Methods

Take advantage of stolen credentials or exploit techniques to move across the network to gain better positioning and advance attack goals.

How Pondurance Helps

Through 360° visibility across network, endpoint, cloud infrastructure and logs, our MDR service traces attacker steps, detecting and blocking them.

Collection

What are their goals?

Gather data of interest.

Methods

Gather intellectual property, PII or customer data of interest to ultimately achieve their goal and stage for exfiltration.

How Pondurance Helps

Our MDR service monitors for and prevents attacker attempts to access and dump valuable data from applications or systems.


Command & Control

What are their goals?

Send remote commands to compromised systems.

Methods

Control the attack by sending remote commands across the network, while trying to blend into normal network patterns.

How Pondurance Helps

Our MDR service monitors network traffic across a variety of protocols to reveal and stop hidden command and control attempts, even those that leverage legitimate domains or sequences to blend in with employee work patterns.

Exfiltration

What are their goals?

Steal data of interest.

Methods

This is where the bad actor attempts to steal data from the victim. Once they’ve collected the data they want, they often package it to avoid detection.

How Pondurance Helps

Our MDR service leverages multiple techniques across the attack kill chain to stop an attacker before data exfiltration. However, we also actively monitor network, log, cloud infrastructure and endpoint activity to uncover exfiltration at the earliest attempt.


Impact

What are their goals?

Manipulate, interrupt or destroy systems and data.

Methods

For example, bad actors encrypt the data and require a ransom payment to unlock it.

How Pondurance Helps

Our MDR service monitors, detects and blocks attempts to take actions that impact the availability or integrity of systems. In close partnership with our Incident Response team, we act fast, reducing the damage or loss that can occur from such attacker tactics.