As a community, we struggle with how to make threat intelligence actionable. We fall back to indicators of compromise because they’re easy to apply to defenses, but we know we need to track adversary behavior to make our defenses less fragile. MITRE ATT&CK can help. The presenters will explain how you can use ATT&CK to classify adversary behavior and apply that intel to your defenses, and then provide the data to show that this process really works. This presentation will start by explaining how you can use ATT&CK to organize the threat intelligence you’re already collecting.
The presenters will walk through examples of how to “extract” ATT&CK techniques from your data, and then suggest ideas for how you can use that intel to prioritize defenses in your organization. Next, the presenters will take the theoretical process and make it real. They will provide an exclusive first look at a rich multi-year data set of confirmed threats based on ATT&CK-mapped detection criteria. The presenters will give an overview of the methodology (including bias and limitations), then discuss what they learned from the data.
Topics covered include the top techniques observed, key technique trends, and how to improve your hunting and detection based on those observations. Attendees will learn how to shift their thinking about threat intel toward tracking behavior and gain perspective on where they should prioritize their detections based on threat intel from years of confirmed threats. Analysts will learn how to structure original reporting in the form of ATT&CK techniques to increase the effectiveness and usability of the products they create for defenders.
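The process the abstract describes (extract ATT&CK techniques from the reporting you already have, count how often each one shows up, and use that to decide where detection work goes first) can be sketched in a few dozen lines. The script below is an added illustration, not code from the presenters, Red Canary, or MITRE. The keyword lexicon, the four sample reports, and the "already covered" set are all constructed for the example; only the technique IDs (T1003, T1021, T1053, T1059, T1105, T1566) are real, public ATT&CK identifiers. Each technique is counted once per report rather than once per mention, which is one small way of limiting the bias that a single verbose report would otherwise introduce.

```python
"""Map free-text CTI reporting to ATT&CK technique IDs and rank them to
prioritise detection work.  Added example; lexicon and reports are constructed."""
import re
from collections import defaultdict

# Constructed keyword lexicon: technique ID -> (name, trigger phrases).
# A real analyst team would keep a far larger lexicon or map techniques by hand.
LEXICON = {
    "T1566": ("Phishing", ["phishing", "spearphishing", "malicious attachment"]),
    "T1059": ("Command and Scripting Interpreter", ["powershell", "cmd.exe", "script"]),
    "T1003": ("OS Credential Dumping", ["mimikatz", "lsass", "credential dump"]),
    "T1053": ("Scheduled Task/Job", ["scheduled task", "schtasks", "cron"]),
    "T1021": ("Remote Services", ["rdp", "remote desktop", "psexec"]),
    "T1105": ("Ingress Tool Transfer", ["download", "certutil", "bitsadmin"]),
}

# Constructed sample reports standing in for a team's own intel or IR write-ups.
REPORTS = [
    {"id": "RPT-001", "text": "Initial access via a phishing email with a malicious attachment; "
                              "the macro launched PowerShell to download a second stage."},
    {"id": "RPT-002", "text": "Operator used Mimikatz against LSASS, then moved laterally over RDP."},
    {"id": "RPT-003", "text": "Persistence via a scheduled task (schtasks) running an encoded PowerShell command."},
    {"id": "RPT-004", "text": "Spearphishing link led to a script; credential dump attempted (T1003.001)."},
]

TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def extract_techniques(text):
    """Return the set of parent technique IDs evidenced in one report.

    Two sources are used: whole-word keyword hits from LEXICON, and explicit
    IDs the analyst already wrote (sub-techniques are rolled up to the parent).
    """
    found = set()
    lowered = text.lower()
    for tid, (_name, keywords) in LEXICON.items():
        if any(re.search(r"\b" + re.escape(kw) + r"\b", lowered) for kw in keywords):
            found.add(tid)
    for explicit in TECHNIQUE_ID.findall(text):
        found.add(explicit.split(".")[0])
    return found


def rank_techniques(reports):
    """Rank techniques by the number of distinct reports they appear in.

    Counting per report, not per mention, stops one long report from
    dominating the ranking.  Rows are (id, name, report_count, report_ids).
    """
    seen_in = defaultdict(set)
    for report in reports:
        for tid in extract_techniques(report["text"]):
            seen_in[tid].add(report["id"])
    rows = [
        (tid, LEXICON.get(tid, ("(not in lexicon)", []))[0], len(ids), sorted(ids))
        for tid, ids in seen_in.items()
    ]
    rows.sort(key=lambda row: (-row[2], row[0]))
    return rows


def detection_gaps(ranked, covered):
    """Observed techniques with no existing detection, most prevalent first."""
    return [row for row in ranked if row[0] not in covered]


if __name__ == "__main__":
    ranked = rank_techniques(REPORTS)
    print("technique  reports  name")
    for tid, name, count, ids in ranked:
        print(f"{tid:<9}  {count:>7}  {name}  {ids}")
    # Constructed coverage set: pretend mail-gateway and tool-download
    # detections already exist, so those techniques drop out of the gap list.
    already_covered = {"T1566", "T1105"}
    print("\nDetection gaps, in priority order:")
    for tid, name, count, _ids in detection_gaps(ranked, already_covered):
        print(f"  {tid} {name} (seen in {count} reports)")
```

Run as a script it prints the ranked table and then the gap list; with the constructed data, Command and Scripting Interpreter (T1059) tops both because three of the four reports mention it. Swapping `REPORTS` for your own reporting and `already_covered` for the techniques your current detections actually fire on turns the gap list into a starting backlog for hunting and detection engineering.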
Brian Beyer, CEO & Co-Founder, Red Canary
Katie Nickels (@likethecoins), ATT&CK Threat Intelligence Lead, The MITRE Corporation
ATT&CK™ Your CTI w/ Lessons Learned from 4 Years in the Trenches - SANS CTI Summit 2019