Leveraging The MITRE ATT&CK® Framework to Drive Down Risk



MITRE created the ATT&CK framework in 2013 to document common tactics, techniques, and procedures (TTPs) that advanced persistent threats use against Windows enterprise networks. Since its inception, the ATT&CK framework has grown into a vast knowledge base that covers adversarial actions not only against enterprise IT networks and cloud, but also against mobile devices. The ATT&CK framework laid a solid foundation to get everyone speaking the same language, with a shared understanding of how threat actors maneuver. The framework also delivers a visual representation to better understand weaknesses in security defenses.

SafeBreach and MITRE ATT&CK

SafeBreach was an early contributor to the ATT&CK framework with our initial contributions spanning methods for exfiltration, evasion, and command and control. Since then, SafeBreach has continued to leverage the framework to allow organizations to quickly visualize their security posture and bring security and infrastructure teams together to update security controls and more effectively harden defenses.

How SafeBreach Leverages the MITRE ATT&CK Framework

SafeBreach continuously updates the Hacker’s Playbook™ to support the latest techniques and sub-techniques defined in the ATT&CK framework. The SafeBreach platform allows security teams to:

  • Simulate attacks against their production environment based on all SafeBreach Hacker’s Playbook attacks, specific MITRE ATT&CK techniques and sub-techniques, or attacks based on a particular threat group
  • Produce a threat-intelligence-based view of the organization’s security posture, based on the organized structure of the MITRE ATT&CK framework
  • Effectively communicate overall organizational risk exposure based on the ATT&CK framework, as well as the risk for each MITRE tactic

Exploring Results on the SafeBreach MITRE ATT&CK Board

SafeBreach's MITRE ATT&CK board mirrors the MITRE ATT&CK Enterprise Matrix while providing context for each technique and tactic based on the simulation results from your environment. The interactive heatmap helps organizations quickly visualize their security posture, focus on the areas most in need of remediation, and bring security and infrastructure teams together to update security controls and more effectively harden defenses.

MITRE ATT&CK Board in the SafeBreach Platform

The ATT&CK board provides a heatmap view of the status by technique and tactic. The color coding reflects the risk score, which is based on the number of simulations that were not blocked for the specified technique or tactic.

Color Coded Risk Score

The top row of SafeBreach’s ATT&CK board gives security teams an overall risk summary for each tactic.

Overall Tactic Risk Summary

Each cell in the SafeBreach MITRE ATT&CK board also provides further details on the technique, including a link to the MITRE ATT&CK website, indications of the risk, the number of simulations that were logged, and the total number of simulations run for that technique.

Additional Details on Technique

Why SafeBreach Is Ideal for Use With MITRE ATT&CK

Our platform’s well-designed Breach and Attack Simulation (BAS) capabilities, supported by rigorous and extensive threat research, provide security teams with an ideal platform to operationalize the MITRE ATT&CK framework:

  • SafeBreach continuously validates all defenses against the full range of MITRE ATT&CK threats, drawing on a full playbook of executable attack methods
  • SafeBreach continually simulates breach methods and maps them to the MITRE ATT&CK framework, exposing the gaps that appear if a security tool is misconfigured or vulnerable
  • SafeBreach continuously adds coverage for the new techniques and sub-techniques added to the MITRE ATT&CK framework (including the latest version, MITRE ATT&CK v9)

© SafeBreach Inc. 2021