List of MITRE ATT&CK Customers
Since 2010, our global team of researchers has been studying MITRE ATT&CK customers around the world, aggregating massive amounts of data points that form the basis of our forecast assumptions and perhaps the rise and fall of certain vendors and their products on a quarterly basis.
Each quarter our research team identifies companies that have purchased MITRE ATT&CK for Threat Modeling from public (Press Releases, Customer References, Testimonials, Case Studies and Success Stories) and proprietary sources, including the customer size, industry, location, implementation status, partner involvement, LOB Key Stakeholders and related IT decision-makers contact details.
Companies using MITRE ATT&CK for Threat Modeling include: ExxonMobil, a United States based Oil, Gas and Chemicals organisation with 57900 employees and revenues of $323.91 billion, Microsoft, a United States based Professional Services organisation with 221000 employees and revenues of $243.00 billion, JPMorgan Chase, a United States based Banking and Financial Services organisation with 317233 employees and revenues of $180.60 billion, HCA Healthcare, a United States based Healthcare organisation with 226000 employees and revenues of $70.60 billion and many others.
Contact us if you need a completed and verified list of companies using MITRE ATT&CK, including the breakdown by industry (21 Verticals), Geography (Region, Country, State, City), Company Size (Revenue, Employees, Asset) and related IT Decision Makers, Key Stakeholders, business and technology executives responsible for the software purchases.
The MITRE ATT&CK customer wins are being incorporated in our Enterprise Applications Buyer Insight and Technographics Customer Database which has over 100 data fields that detail company usage of software systems and their digital transformation initiatives. Apps Run The World wants to become your No. 1 technographic data source!
Apply Filters For Customers
| Logo | Customer | Industry | Empl. | Revenue | Country | Vendor | Application | Category | When | SI | Insight |
|---|---|---|---|---|---|---|---|---|---|---|---|
 |
ExxonMobil | Oil, Gas and Chemicals | 57900 | $323.9B | United States | MITRE | MITRE ATT&CK | Threat Modeling | 2021 | n/a |
In 2021 ExxonMobil implemented the MITRE ATT&CK framework as a core element of its Threat Modeling capability to standardize Tactics, Techniques, and Procedures mapping across SOC operations. The deployment anchored threat hunting and incident response workflows, integrating threat intelligence outputs into detection engineering and operational playbooks.
The implementation focused on functional modules for TTP mapping, detection rule development, threat hunting, and SOAR orchestration. MITRE ATT&CK was used to drive creation of custom detection rules and dashboards in Splunk, and to inform playbooks in Splunk Phantom SOAR, enabling automated alert triage and workflow escalation. Priority Intelligence Requirements were formalized to guide collection and analysis, and detection content was aligned with ISO 27001 control assessments.
Integrations were explicit and extensive, ingesting CTI feeds into Splunk and Anomali ThreatStream, and operationalizing intelligence from Recorded Future for actor profiling. Endpoint telemetry from SentinelOne, web controls via iBoss Proxy, vulnerability data from Nexpose and InsightVM, and cloud posture signals from Palo Alto Prisma Cloud were correlated to MITRE ATT&CK techniques. Nozomi Networks data extended coverage into ICS and OT environments, and tools such as Maltego supported investigative enrichment. Python and PowerShell scripting were used to automate data ingestion, log parsing, and endpoint management tasks.
Operational scope covered enterprise SOC workflows, incident response teams, cloud security for Azure and AWS environments, and ICS/OT security monitoring. Governance and process changes included codifying PIRs, authoring detection playbooks, integrating CTI into dashboards and SentinelOne views, and collaborating with third party red teams to validate mapped adversary behaviors. The initiative expressly improved detection capabilities and streamlined SOC operations, enabling faster triage and response for high priority incidents.
|
 |
HCA Healthcare | Healthcare | 226000 | $70.6B | United States | MITRE | MITRE ATT&CK | Threat Modeling | 2019 | n/a |
In 2019, HCA Healthcare joined the Center for Threat-Informed Defense as a founding Research Partner and adopted MITRE ATT&CK to drive threat-informed defense across its healthcare security operations in the United States. HCA Healthcare implemented MITRE ATT&CK as a central Threat Modeling reference to structure detection logic and threat hunting workflows across its security operations centers.
The deployment used ATT&CK mappings to prioritize detections and to drive detection engineering, threat hunting, and SOC playbook adjustments. HCA contributed to R&D projects such as the ATT&CK Workbench, leveraging the ATT&CK framework to codify observed adversary behaviors and map those behaviors to analytic and telemetry requirements.
Operational scope included enterprise security operations across HCA Healthcare sites in the United States, where ATT&CK-aligned mappings were incorporated into detection content and SOC procedures. The implementation focused on aligning defensive controls and monitoring use cases to observed tactics, techniques, and procedures, and on operationalizing ATT&CK terminology within incident response and monitoring workflows.
Governance and rollout were coordinated through research partnership activities and internal SOC process updates, with ATT&CK serving as the common taxonomy for prioritization and control alignment. As a result of the adoption HCA Healthcare prioritized detections, improved SOC processes, and aligned defensive controls to observed adversary behaviors as part of its Threat Modeling practice using MITRE ATT&CK.
|
 |
JPMorgan Chase | Banking and Financial Services | 317233 | $180.6B | United States | MITRE | MITRE ATT&CK | Threat Modeling | 2019 | n/a |
In 2019, JPMorgan Chase joined MITRE Engenuity's Center for Threat-Informed Defense and began using MITRE ATT&CK for Threat Modeling. The collaboration concentrated on ATT&CK-based research and cloud security mappings conducted with MITRE in the United States, establishing a formal channel for shared mappings and tooling contributions.
JPMorgan Chase applied the MITRE ATT&CK framework to inform SOC operations, cloud control assessments, and broader threat informed defense improvements. Implementation activities centered on mapping adversary tactics and techniques to detection coverage and control gaps, aligning telemetry and detection engineering workflows, and developing threat hunting playbooks consistent with Threat Modeling practices.
Operationally, the ATT&CK-based mappings were integrated into SOC workflows and cloud control assessment processes, supporting cloud security evaluations and incident detection across the bank's U.S. environments. JPMorgan Chase contributed expertise and telemetry-derived data back to public mappings and tools, reinforcing the two way flow between the bank and MITRE's community resources.
Governance and rollout focused on embedding ATT&CK nomenclature into existing assessment and detection change processes, enabling standardized threat modeling across security teams and cloud program owners. The engagement with MITRE and adoption of MITRE ATT&CK supported ongoing threat informed defense improvements while maintaining alignment with institutional security assessment and SOC governance processes.
|
 |
|
Professional Services | 221000 | $243.0B | United States | MITRE | MITRE ATT&CK | Threat Modeling | 2019 | n/a |
|
Buyer Intent: Companies Evaluating MITRE ATT&CK
- MITRE Corporation, a United States based Non Profit organization with 9000 Employees
Discover Software Buyers actively Evaluating Enterprise Applications
| Logo | Company | Industry | Employees | Revenue | Country | Evaluated | ||
|---|---|---|---|---|---|---|---|---|
| No data found | ||||||||