With so many possible threats, it can seem daunting to work out how to learn from our own previous incidents, or from incidents experienced by other organisations. Traditionally, when threat intelligence has focused on indicators of compromise (IOCs), gathering all that information and putting it to good use can seem an equally daunting task. The thing is, IOCs are not everything: IOCs are ephemeral. They have a shelf life, and in some instances that shelf life is very short. A defence plan that focuses on ingesting IOCs and blocking them will therefore never increase the maturity of a detect-and-respond capability. This is why MITRE ATT&CK was developed.
“MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.”
This workshop walks through the anatomy of an incident: mapping each incident stage to the ATT&CK tactics and techniques, then developing the detection and mitigation strategies most relevant to that particular threat type.
You'll walk away with:
Technical level: low.
Aimed at people new to detection engineering, threat intelligence analysts, SOC analysts, etc.
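The mapping exercise the workshop describes, as an added Python example that is not part of the workshop material: a constructed incident timeline is annotated with ATT&CK technique IDs, rolled up to the tactics it exercised, and compared against a constructed set of existing detections to surface the earliest-stage gaps. The technique and tactic IDs are real ATT&CK identifiers; the incident, its stages and the detection set are assumptions made for the example.

```python
from dataclasses import dataclass

# Subset of ATT&CK Enterprise tactics, kept in matrix order so gaps can be
# reported by kill-chain position. IDs and names are real ATT&CK identifiers.
TACTIC_ORDER = ["TA0001", "TA0002", "TA0003", "TA0004", "TA0006", "TA0008", "TA0010", "TA0040"]
TACTIC_NAME = {
    "TA0001": "Initial Access", "TA0002": "Execution", "TA0003": "Persistence",
    "TA0004": "Privilege Escalation", "TA0006": "Credential Access",
    "TA0008": "Lateral Movement", "TA0010": "Exfiltration", "TA0040": "Impact",
}
TECHNIQUE = {  # technique id -> (name, tactics it appears under)
    "T1566": ("Phishing", ["TA0001"]),
    "T1059": ("Command and Scripting Interpreter", ["TA0002"]),
    "T1053": ("Scheduled Task/Job", ["TA0002", "TA0003", "TA0004"]),
    "T1003": ("OS Credential Dumping", ["TA0006"]),
    "T1021": ("Remote Services", ["TA0008"]),
    "T1486": ("Data Encrypted for Impact", ["TA0040"]),
}

@dataclass
class Stage:
    order: int          # position in the incident timeline
    description: str    # what the responders observed at this stage
    technique: str      # ATT&CK technique id assigned by the analyst

# Constructed (hypothetical) ransomware incident, already annotated.
INCIDENT = [
    Stage(1, "user opened a malicious attachment", "T1566"),
    Stage(2, "document macro launched PowerShell", "T1059"),
    Stage(3, "scheduled task created for persistence", "T1053"),
    Stage(4, "LSASS process memory read", "T1003"),
    Stage(5, "RDP session to the file server", "T1021"),
    Stage(6, "files encrypted across shares", "T1486"),
]

# Constructed view of techniques the SOC can already detect today.
EXISTING_DETECTIONS = {"T1566", "T1486"}

def tactics_hit(incident):
    """Tactics the incident exercised, in ATT&CK matrix order."""
    hit = {t for s in incident for t in TECHNIQUE[s.technique][1]}
    return [t for t in TACTIC_ORDER if t in hit]

def detection_gaps(incident, detections):
    """Techniques seen in the incident with no detection, earliest stage first.
    Earlier gaps matter more: catching stage 2 is worth more than stage 6."""
    return [(s.order, s.technique, TECHNIQUE[s.technique][0])
            for s in sorted(incident, key=lambda s: s.order)
            if s.technique not in detections]
```

Running `detection_gaps(INCIDENT, EXISTING_DETECTIONS)` shows that the SOC only sees the first and last stages, so the four techniques in between are where new detections would shorten dwell time most.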