ATT&CKing from Every Angle: How you can use MITRE ATT&CK™
The open-source MITRE ATT&CK knowledge base continues to increase in popularity in the cybersecurity community, as confirmed by ATT&CK’s 16,000+ Twitter followers and the increasing number of security vendors embracing ATT&CK as a tool to categorize techniques, tactics, and procedures. Although ATT&CK started as a project at MITRE almost five years ago as a way to categorize common adversary behavior to allow red and blue teams to better communicate, there are now many ways ATT&CK is being used by the community, including to create detections, to categorize threat intelligence, to evaluate security software, and even to provide a common language for SOC analysts and engineers to communicate with C-suite executives. Everyone will walk away from this talk with a better understanding of ATT&CK and practical use cases for the knowledge base, but more specifically engineers will learn how to apply ATT&CK to make better resource decisions, analysts will learn how to organize intelligence using ATT&CK, and defenders will understand how to improve defenses with behavioral detections based on ATT&CK.
Jen Burns is a Senior Cybersecurity Engineer who joined MITRE shortly after earning her Master’s in Information Security from Carnegie Mellon University. She’s the infrastructure lead for ATT&CK and an ATT&CK content developer, focusing on macOS. She also works in MITRE’s cyber analytics capability area, researching the application of generative adversarial machine learning on the detection of phishing domains.