Fine-Tuning Cybersecurity with the ATT&CK Framework

This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA.

This will be my fourth time speaking at RSA, and this will be my second time facilitating a learning lab, which I’m happy about. I really enjoy the learning labs at RSA. They are designed to be far different than other RSA sessions and events. Specifically, the learning labs have a maximum capacity of 64 people (eight tables with eight people per table), they are closed to the press and they are highly interactive.

This gives attendees an opportunity to be open with their discussions around the lab’s topic and, with labs running 2-3 hours, there is plenty of time to dig in and learn more about the topic than in a normal conference presentation session.

What is the ATT&CK Framework?

ATT&CK is the Adversarial Tactics, Techniques, and Common Knowledge Framework.

It was developed by MITRE based on a research project where they saw a need for a framework to address a few issues such as being able to focus on adversary behaviors, being able to supplement existing cyber lifecycle models, being able to apply the framework to real-world environments and being able to provide a common taxonomy for the community.

ATT&CK is a curated knowledge base that provides knowledge describing behaviors, actions and processes in the form of Tactics and Techniques that a cyber adversary might utilize once initial access has been gained within an organization’s network.

There are many good blogs describing ATT&CK. Particularly, my colleague Travis Smith has written extensively about ATT&CK. Links to his writings can be found in the reference section at the end of this post.

What will be happening in the Learning Lab?

(Read more...)