The MITRE ATT&CK framework is created as a comprehensive framework based on the tactics and techniques used in actual attacks. It is widely known and can be applied to a wide variety of processes, such as SEC monitoring, pen testing and red teaming. Next to the different ATT&CK matrices, MITRE also developed the PRE-ATT&CK matrix. PRE-ATT&CK focuses more on the preparation stages of a cyber-attack, whereas ATT&CK is more applicable when an attack is being executed. Both help IT security teams determine what attack methods they have to defend against.
This whitepaper describes the process of mapping attacks to the MITRE PRE ATT&CK matrix to provide insights into the way ASM solutions can help prevent attacks.