SlideShare a Scribd company logo

MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankowski & Travis McWaters

MITRE - ATT&CKcon
MITRE - ATT&CKcon

This lightning talk is a brief discussion around how PepsiCo is managing their ‘detection catalog’ and how it maps and is enhanced by the MITRE ATT&CK framework.

Technology
1 of 9
Download to read offline
Detection Philosophy, Evolution & ATT&CK A BRIEF DISCUSSION AROUND HOW WE ARE MANAGING OUR ‘DETECTION CATALOG’ AND HOW IT MAPS TO AND IS ENHANCED BY THE ATT&CK FRAMEWORK Fred Stankowski & Travis McWaters
2 Who are you? Cyber Threat Intelligence (CTI) Threat Detection Operations (TDO) Incident Response (IR) Attack Surface Management (ASM) Enterprise Incident Mgmt (EIM) Threat Detection Operations (TDO)
3 Detection Philosophy Why you need a catalog • Historical Record • Knowledge Transfer • Work Management
4 Evolution – V0
5 Evolution V1
6 Evolution V1
7 Evolution V2
8 Example ADS entry Network - Suspicious Network Activity - SMB Worm Behavior Goal Detect SMB Worms by the firewall deny messages they generate Categorization These attempts are categorized as Scanning / Network Service Scanning (T1046) Strategy Abstract The strategy will function as follows: •Look for traffic blocked by the firewalls bound for destination port 445 •Count the number of destination hosts a source tried to reach •Validate the source is a Company asset, not external •Alert if the number of targets exceeds NNN in under MMM minutes Technical Context <...> • Blind Spots and Assumptions • False Positives • Validation • Priority • Response
9 Lessons Learned Nomenclature Matters Use a code repo sooner Good docs mitigate attrition pains

Recommended

MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE - ATT&CKcon
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE - ATT&CKcon
 

Recommended

MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE - ATT&CKcon
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE - ATT&CKcon
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?MITRE - ATT&CKcon
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligencePriyanka Aash
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceJacklynTsai
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!MITRE ATT&CK
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Adam Pennington
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protectionPriyanka Aash
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperationsAntonio (Tony) Robinson
 
Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailMITRE ATT&CK
 

More Related Content

What's hot

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE - ATT&CKcon
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?MITRE - ATT&CKcon
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligencePriyanka Aash
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceJacklynTsai
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!MITRE ATT&CK
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Adam Pennington
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protectionPriyanka Aash
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 

What's hot (20)

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
 
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat Intelligence
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 

Similar to MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankowski & Travis McWaters

Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailMITRE ATT&CK
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies Harry McLaren
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
Cloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesCloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesMichele Vecchione
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronisLiza Charalambous
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityMarketingArrowECS_CZ
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring RationaleSam Bowne
 
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...Cal Net Technology Group
 
Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...
Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...
Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...Laryssa Mereszczak
 

Similar to MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankowski & Travis McWaters (20)

SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of Detail
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies Modern Security Operations & Common Roles/Competencies
Modern Security Operations & Common Roles/Competencies
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
 
Cloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future ChallangesCloud Security @ TIM - Current Practises and Future Challanges
Cloud Security @ TIM - Current Practises and Future Challanges
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce Security
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale
 
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to...
 
Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...
Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...
Cal Net Tech Talk Webinar Vulnerability Management 101-10 Essential Rules to ...
 

More from MITRE - ATT&CKcon

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesMITRE - ATT&CKcon
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE - ATT&CKcon
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
 
What's New with ATTACK for ICS?
What's New with ATTACK for ICS?What's New with ATTACK for ICS?
What's New with ATTACK for ICS?MITRE - ATT&CKcon
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesMITRE - ATT&CKcon
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
 
What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?MITRE - ATT&CKcon
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-TechniquesMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...MITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...
MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...
MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...MITRE - ATT&CKcon
 

More from MITRE - ATT&CKcon (19)

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - January
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
 
What's New with ATTACK for ICS?
What's New with ATTACK for ICS?What's New with ATTACK for ICS?
What's New with ATTACK for ICS?
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have Changed
 
Putting the PRE into ATTACK
Putting the PRE into ATTACKPutting the PRE into ATTACK
Putting the PRE into ATTACK
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the Matrices
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis Question
 
What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-Techniques
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
 
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
MITRE ATT&CKcon 2.0: Keynote Address - The Friends We Made Along the Way; Ton...
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
 
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
MITRE ATT&CKcon 2.0: Alertable Techniques for Linux Using ATT&CK; Tony Lamber...
 
MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...
MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...
MITRE ATT&CKcon 2.0: ATT&CK Coverage Assessment from a Data Perspective; Olaf...
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankowski & Travis McWaters

  • 1. Detection Philosophy, Evolution & ATT&CK A BRIEF DISCUSSION AROUND HOW WE ARE MANAGING OUR ‘DETECTION CATALOG’ AND HOW IT MAPS TO AND IS ENHANCED BY THE ATT&CK FRAMEWORK Fred Stankowski & Travis McWaters
  • 2. 2 Who are you? Cyber Threat Intelligence (CTI) Threat Detection Operations (TDO) Incident Response (IR) Attack Surface Management (ASM) Enterprise Incident Mgmt (EIM) Threat Detection Operations (TDO)
  • 3. 3 Detection Philosophy Why you need a catalog • Historical Record • Knowledge Transfer • Work Management
  • 8. 8 Example ADS entry Network - Suspicious Network Activity - SMB Worm Behavior Goal Detect SMB Worms by the firewall deny messages they generate Categorization These attempts are categorized as Scanning / Network Service Scanning (T1046) Strategy Abstract The strategy will function as follows: •Look for traffic blocked by the firewalls bound for destination port 445 •Count the number of destination hosts a source tried to reach •Validate the source is a Company asset, not external •Alert if the number of targets exceeds NNN in under MMM minutes Technical Context <...> • Blind Spots and Assumptions • False Positives • Validation • Priority • Response
  • 9. 9 Lessons Learned Nomenclature Matters Use a code repo sooner Good docs mitigate attrition pains