Through the ATT&CK framework, MITRE has generated a gold mine of information about the most important tactics and techniques used by attackers and how the blue team can detect and prevent these actions. Blocking atomic attack indicators such as domain names and IP addresses might work in the short term, but understanding the higher-level tactics in ATT&CK helps the blue team identify and anticipate attacker activity at a higher level of abstraction, slowing attackers down and giving defenders a fighting chance.
Attendees at this webcast will learn:
- Why the framework is so important to security teams
- How the matrix is evolving
- What challenges users need to address to use the ATT&CK framework
- How to use ATT&CK to improve operations
- What best practices and tools are key to successfully using the framework
John Hubbard is a certified SANS instructor and the author of two courses: SEC450: Blue Team Fundamentals: Security Operations and Analysis and SEC455: SIEM Design & Implementation. As a security operations center (SOC) consultant and speaker, John specializes in security operations, threat hunting, network security monitoring, SIEM design and defensive process optimization. His mission to improve blue teams led him to partner with SANS to help develop the next generation of defensive talent around the world.