Understanding Cyber Adversaries with ATT&CK – The Post-Exploit Threat Model

Presented by Dr. Andy Applebaum, Senior Cyber Security Engineer, MITRE
Tuesday, October 25, 2016
5:30 – 6:30 PM – Networking & Open House

6:30 – 7:30 PM – Program

7:30 – 7:45 PM – Announcements

There is no cost to attend at McLean or Silver Spring.

Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Using ATT&CK, security personnel can better understand and prepare for what adversaries are doing after they breach a network’s defenses, benefitting business owners and network managers in the process. In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK, and outlining lessons learned using the model, including data-based takeaways from ATT&CK and potential use cases. Topics covered will include using ATT&CK for red teaming, defensive gap analysis, threat reporting with ATT&CK, and information sharing.
Dr. Andy Applebaum is a Senior Cyber Security Engineer at The MITRE Corporation, where he works on internal and sponsor-facing projects. His current research areas include offensive and defensive security automation, applying formal methods to threat modeling, and reasoning under uncertainty. He obtained his Ph.D. in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security, including firewall configuration management, secure network administration, and alert correlation. He has a B.A. in computer science from Grinnell College.

 

Join online meeting: https://asq509.webex.com/asq509/j.php?MTID=mbe1b51c2d4c0cc7126819b7acedf6218

Meeting number: 805 274 863 Meeting password: g3c27D2b  

Join by Phone:  1-650-479-3208 Call-in toll number (US/Canada) Access Code:  805 274 863 



Date and Time

  • Date: 25 Oct 2016
  • Time: 05:30 PM to 07:45 PM
  • All times are (GMT-05:00) US/Eastern

Location

  • 7515 Colshire Drive
  • McLean, Virginia
  • United States 22102
  • Building: MITRE-2 Building, Room 1N100

Hosts

  • Co-sponsored by ASQ 509 SW SIG






Agenda

Tuesday, October 25, 2016
5:30 – 6:30 PM – Networking & Open House

6:30 – 7:30 PM - Program

7:30 – 7:45 PM – Announcements