Skip to main content

CYBERSTATS

Security Intelligence

Back to Home

DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access.

DirectDefense
April 15, 2025
MITRE ATT&CKInitial accessPersistenceLateral movementExecution

DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access. — This cybersecurity statistic was published by DirectDefense in April 2025. It covers topics including MITRE ATT&CK, Initial access, Persistence, Lateral movement, Execution. The original data appears in 2025 Security Operations Threat Report. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 4/15/2025

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access. This data was published by DirectDefense and covers MITRE ATT&CK, Initial access, Persistence, Lateral movement, Execution.

Where does this data come from?

This statistic comes from 2025 Security Operations Threat Report, published by DirectDefense on April 15, 2025. You can view the original report at https://www.directdefense.com/gain-clarity/threat-report/.

What cybersecurity topics does this cover?

This statistic relates to MITRE ATT&CK, Initial access, Persistence, Lateral movement, Execution. Browse more statistics on MITRE ATT&CK or from DirectDefense.

Want More Statistics Like This?

Get the latest cybersecurity stats delivered to your inbox every week

Related Statistics

42% of MSPs now rely on MITRE ATT&CK Evaluations as their top vendor assessment resource.

Cynet7/23/2025
MSPMITRE ATT&CK

On average, enterprise SIEMs only have detection coverage for 21% of adversary techniques defined in the MITRE ATT&CK framework. This is a 2% increase in coverage from the 2024 report.

CardinalOps6/5/2025
SIEMMITRE ATT&CK

79% of MITRE ATT&CK Techniques used by adversaries are missed by enterprise SIEMs.

CardinalOps6/5/2025
SIEMMITRE ATT&CK

Growth in security alerts related to the MITRE security framework are up 30%

Akamai4/22/2025
MITRE ATT&CKAlerts

For Lateral Movement, the most observed technique by DirectDefense is Valid Accounts, using stolen credentials to escalate privileges. Alerts triggered for Lateral Movement include: Lateral Movement – Local Credentials.

DirectDefense4/15/2025
MITRE ATT&CKLateral movementValid accounts

For Initial Access, the most observed technique by DirectDefense is Valid Accounts, which involves leveraging stolen credentials for unauthorized access. Alerts triggered for Initial Access include: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.

DirectDefense4/15/2025
MITRE ATT&CKInitial accessValid accounts

Browse by Topic

MITRE ATT&CKInitial accessPersistenceLateral movementExecutionMore from DirectDefense

Stay Ahead of Cyber Threats

Join 1,000+ security professionals getting weekly insights