Karl Scheuerman, CrowdStrike
The security community is quickly adopting the MITRE ATT&CK matrix as a framework for understanding and analyzing targeted intrusions. However, one of its potential limitations is a lack of detailed historical intrusion data for developing accurate and thorough ATT&CK-based threat modeling.
CrowdStrike's Falcon OverWatch threat hunting team analyzes adversary behavior on a regular basis. The volume of OverWatch's malicious intrusion data is significant given the rich telemetry delivered by Falcon's endpoint technology. As a result, CrowdStrike has amassed an extensive library of malicious activity that can be mapped onto the ATT&CK model.
The OverWatch Strategic Counter-Adversary Research (SCAR) team has now evaluated all OverWatch intrusion data from January 1, 2018 onward through the lens of the ATT&CK framework. This presentation reports those findings and highlights cases of unique adversary TTP use. The results of this analysis provide a baseline from which CrowdStrike can better identify changes in threat actor TTP trends moving forward. In addition, the presentation discusses limitations in this type of research.
MITRE ATT&CKcon 2018: Analyzing Targeted Intrusions Through the Lens of the ATT&CK Framework