How to Use MITRE ATT&CK

Are we good? This question should give a security team pause. Where do they begin to explain the complexities and nuances of the risks posed by cyber threats? What does “good” mean to an analyst, SOC manager, or CISO? The executive often only wants a yes or no. She may not have the time to pick apart anything more complicated.

The same question hovers around proof-of-concept evaluations for new cybersecurity solutions. Independent antivirus vendor testing often reports results with mere tenths of a percent separating the top solutions, and it does so by testing only a fraction of the possible attack surface (exploits, malware, and not much more). Finding a material difference to justify a purchase decision therefore becomes a challenge.
