The presentation discusses the use of the ATT&CK framework in cybersecurity and how it can be customized to fit specific use cases.
- The ATT&CK framework is a useful tool for building a threat library and informing defense strategies.
- The framework has 244 techniques in the enterprise version, but it can be customized to fit specific use cases.
- Deloitte has created their own threat library using the ATT&CK framework and added sub-techniques to track threats they care about.
- The ATT&CK team is working on adding sub-techniques to the framework.
- Users can add their own techniques to the framework if they don't fit the existing methodology.
The presentation uses the example of a small startup called Froth Li and their cybersecurity challenges to illustrate the use of the ATT&CK framework. The CEO, threat intel team, network defender, and red teamer all face different issues that can be addressed using the framework. The presentation also mentions that the speaker hates printers and will cry if asked to bring something.
You've seen the tactics and techniques. You've read the descriptions. However, something is missing…how do you take the theory of MITRE ATT&CK™ and actually DO something with it? At first glance, it is easy to be overwhelmed by the ATT&CK framework. Where do you start? Who should use it? What can you really do with a framework like ATT&CK? Combining the knowledge of an ATT&CK team member with the experience of a security practitioner who has helped implement it, Katie and Ryan will teach you how to take ATT&CK from a cool-sounding idea to a powerful force for creating a threat-informed defense in your company. They will walk the audience through the story of how ATT&CK helped a fictional organization solve real-world-inspired problems that defenders struggle with every day. The presentation will discuss how different teams like threat intelligence analysts, threat hunters, SOC analysts, red teamers, and even executives can use ATT&CK to improve how they track threats and protect against them. Regardless of their role, attendees will learn how they can hit the ground running with ATT&CK on the first day they return home.