How to Submit a Threat Profile to MITRE ATT&CK - SANS Threat Hunting Summit 2018

SANS Digital Forensics and Incident Response
The MITRE Corporation's framework for describing the behavior of cyber adversaries operating within enterprise networks, known as Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), is growing fast. It is also being adopted by more and more security solutions and vendors, including big names like Microsoft and Splunk. The framework draws on years' worth of detailed forensic reports on cyber attacks, a body of knowledge that until now has not been fully taken advantage of: the security industry has largely focused on sharing and using indicators of compromise (IOCs). By focusing instead on the tactics and techniques of adversaries, the ATT&CK framework goes deeper and is increasingly used to help organizations identify gaps known to be exploited by cyber adversaries. This presentation details what it takes to collect public information-security, threat-intelligence, and forensic reports on a threat group, and then submit all of that group's adversarial tactics and techniques to MITRE for inclusion in the ATT&CK framework.

Walker Johnson (@wjohnsonsled), Senior Security Engineer, Financial Services Industry
Walker is a Senior Security Engineer on the Wells Fargo Cyber Threat Forensics team within Enterprise Information Security. He previously served as a Senior Consultant and Incident Responder at Deloitte. As a forensic examiner working for the South Carolina Law Enforcement Division, Walker helped state and federal law enforcement agencies investigate numerous computer crimes.
