The offensive security industry is hopping – awesome folks out there can help you find your security flaws! Companies today are leveraging security assessments, audits, penetration tests and red team assessments. These evaluations help to validate coverage within the architecture of a threat model. As your organization matures you will focus more on an expected adversary’s behavior than on generic atomic events. It just so happens MITRE’s ATT&CK is a catalogue of those atomic techniques!
Tag: Threat Intelligence (Page 5 of 6)
As we saw in our last post, Threat Intelligence is a huge focus. But what good does intelligence do if we never act on it? If your organization is leveraging a SIEM or XDR, or using tools that allow for custom detection content to be added, then you use detection and analytics. ATT&CK includes data on detection and mitigation techniques, which presents you with sound guidance on where to start detecting each technique’s use in your environments. These underappreciated features of the ATT&CK database are fantastic in guiding all manner of blue team operators, and they provide a jump start to achieving greater security. Detection (or what they now call Data sources) and Mitigations give us homework. Before we can act, we must see – so let’s see how ATT&CK can help with Detection.
As you saw in the previous post, ATT&CK is loaded with potential to hit a lot of use cases. Most CTI organizations are at least considering the use of ATT&CK to structure their reports and feeds. It provides analysts with a common language and structure. ATT&CK fosters better collaboration and easier consumption of the findings for all, including you and your tools.
If you’ve known me for a while, you know I love talking about MITRE’s ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge). I probably have an unhealthy addiction to discussing it, but I do think it is helpful to understand why it is both cool and has limits. So let’s discuss!
Good morning folks! I have some updates on the threat side of things that I think are interesting and might help in conversations with your friends and colleagues: