ATT&CK Updates- Defensive ATT&CK

•

1 like•685 views

M

From ATT&CKcon 3.0 By Lex Crumpton, MITRE ATT&CK

Defensive ATT&CK Updates
Lex Crumpton
ATT&CK Defensive Lead
@LexOnTheHunt
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

Who am I
• Lead Cybersecurity Engineer
• Former Exploitation Developer…turned
blue...never looked back
• Manage some things:
• Digital Forensics Teams
• Threat Hunting Teams
• Detection Teams
• My Canine Child
• My Chaotic Workaholic Lifestyle J
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

What is Defensive
ATT&CK?
• Mitigations
• Data Sources:Components
• Detections
• Cyber Analytic Repository (CAR)
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

2021
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
ID Data Source Data Component Detections
DS0017 Command Command Execution Monitor executed commands and arguments that may attempt to
access credential material stored in the process memory of the
Local Security Authority Subsystem Service (LSASS). Such as
procdump -ma lsass.exe lsass_dump
DS0009 Process OS API Execution Monitor for API calls that may attempt to access credential material
stored in the process memory of the Local Security Authority
Subsystem Service (LSASS).
Process Access Monitor for unexpected processes interacting with LSASS.exe.
Common credential dumpers such as Mimikatz access LSASS.exe
by opening the process, location the LSA secrets key, and
decrypting the sections in memory where credential details are
stored. Credential dumpers may also use methods for reflective
Process Injection to reduce potential indicators of compromise
activity.
Process Creation Monitor newly executed processes that may be indicative of
credential dumping, such as procdump.

2022
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
COMING SOON

Cyber Analytic Repository
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
2022

Cyber Analytic Repository
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
2022

Looking towards the future…
Detections
2022
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
Cyber Analytic Repository

https://attack.mitre.org
attack@mitre.org
@mitreattack
Lex Crumpton
@LexOnTheHunt
©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

More Related Content

What's hot

State of the ATT&CK

State of the ATT&CK

State of the ATT&CK

From ATT&CKcon 3.0 By Santiago Pontiroli and Dmitry Bestuzhev, Kaspersky Financially motivated cyber-attacks thrive in emerging Latin American markets. However, there's room for locally grown threat actors operating in the cyber espionage field as well. During the last decade, this includes but is not limited to Blind Eagle, Puppeteer, Machete, Poseidon, and others. We also saw foreign operations targeting specific assets in Latin America, still connected to certain regional sources. Since the threat actors' origin, culture, and language is often different, it's not uncommon for tactics, techniques, and procedures (TTPs) to present marked differences. As a result of our regional expertise and experience, we created MITRE's ATT&CK play-by-play mappings to help other analysts understand regional actors. If you are interested in threat intelligence and what's going on in Latin America, this presentation is for you. Our work is based only on real-world attackers and their operations, including those not publicly known, such as COVID-19 Machete's targeted campaign.

The ATT&CK Latin American APT Playbook

The ATT&CK Latin American APT Playbook

The ATT&CK Latin American APT Playbook

ATT&CK Updates- Campaigns

ATT&CK Updates- Campaigns

ATT&CK Updates- Campaigns

Projects to Impact- Operationalizing Work from the Center

Projects to Impact- Operationalizing Work from the Center

Projects to Impact- Operationalizing Work from the Center

From ATT&CKcon 3.0 By Tim Wadhwa-Brown, Cisco The purpose of this session will be to look at how you can take public information about threat actors, vulnerabilities, and incidents and use them to build better defenses, utilizing ATT&CK along the way to align your security organization to the people and assets that matter. Stories are critical to how humans learn, so this session will leverage a story book approach to give the audience some ideas on approaches they could use. Tim will take the audience through 3 real world examples where he has leveraged ATT&CK to drive operational improvement. The premise of each story will be real, although some of the details will be apocryphal to protect the innocent. One story will focus on defending a network, one will look at adversary detection, while the final one will look at responding to an active attack and in each case, Tim will guide the audience to think about the kinds of data sources that ATT&CK tracks, that they might call upon to achieve a successful outcome.

Threat Modelling - It's not just for developers

Threat Modelling - It's not just for developers

Threat Modelling - It's not just for developers

From ATT&CKcon 3.0 By Haylee Mills, Splunk Having ATT&CK to identify threats, prioritize data sources, and improve security posture has been a huge step forward for our industry, but how do we actualize those insights for better detection and alerting? By shifting to observations of behavior over one-to-one direct alerts, noisy datasets become valuable treasure troves with ATT&CK metadata. Additionally, we can begin to look at detection and threat hunting on behavior instead of users or systems. In this presentation, Haylee will discuss the shift in mindset and the nuts and bolts of detections that leverage this metadata in Splunk, but the concept can be applied with custom tools to any valuable security dataset.

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

From ATT&CKcon 3.0 By Lindsay Kaye and Scott Small, Recorded Future Many organizations ask: "Where do I start, and where do I go next" when prioritizing implementation of behavior-based detections? We often hear "use threat intelligence!" but your goals must be qualified and quantified in order to properly prioritize the most relevant TTPs. A wealth of open-sourced, ATT&CK-mapped resources now exists, giving security teams greater access to both detections and red team tests they can implement, but intelligence (also aligned with ATT&CK), is essential to provide necessary context to ensure that detection efforts are focused effectively. This session will discuss a new approach to the prioritization challenge, starting with an analysis of the current defensive landscape, as measured by ATT&CK coverage for more than a dozen detection repositories and technologies, and guidance on sourcing TTP intelligence. The team will then show how real-world defensive strategies can be strengthened by encompassing a full-spectrum view of threat detection, including the implementation of YARA, Sigma, and Snort in security appliances. Critically, alignment of both intelligence and defenses with ATT&CK enables defenders to move the focus of detection efforts to indications of malicious behavior before the final payload is deployed, where controls are most effective at preventing serious damage to the organization.

It's just a jump to the left (of boom): Prioritizing detection implementation...

It's just a jump to the left (of boom): Prioritizing detection implementation...

It's just a jump to the left (of boom): Prioritizing detection implementation...

From ATT&CKcon 3.0 By Fred Frey and Jonathan Mulholland, SnapAttack Atomic Red Team and Sigma are the largest open-source attack simulation and analytic projects. Many organizations utilize one or both internally for security controls validation or supplementing their detections and alerts. Building on the work from these two great communities, we smashed (scientific-term) the attacks and analytics together and applied data science to analyze the results. We'll describe our methodology and testing framework, show the real-world MITRE ATT&CK coverage and gaps, discuss our algorithms for calculating analytic similarity, identifying log sources for a technique, and determining the best analytics to deploy that maximizes ATT&CK coverage. This project aims to: - Bring a measurable testing rigor to community analytics to improve adoption - Test every analytic against every attack, validating the true positive detection - Understand the log sources required to detect specific attack techniques - Apply data science to identify analytic similarity (reduce community duplication) - Identify gaps between the projects' analytics without attack simulations; attack simulations without detections; missing or incorrect MITRE ATT&CK labels, etc - Automate the process so insights can stay up to date with new attack/analytic contributions over time - Share our analysis back to the community to improve these projects

ATT&CKing the Red/Blue Divide

ATT&CKing the Red/Blue Divide

ATT&CKing the Red/Blue Divide

From ATT&CKcon 3.0 By Jason Wood and Justin Swisher, CrowdStrike When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...

From ATT&CKcon 3.0 By Marcus LaFerrera and Ryan Kovar, Splunk Since the release of MITRE ATT&CK, vendors and governmental bodies have begun mapping their security blogs, whitepapers, and threat intel reports to ATT&CK TTPs, which is incredible! Vendors have then begun mapping their detections to those mapped TTPs, which is even more awesome! What is not awesome is dissecting a piece of prose for all of the specific embedded ATT&CK technique IDs and then mapping them to your detections to determine coverage. Over the last year, the team at Splunk has spent more time doing this than they would like to admit, so they wrote a tool to do it for them and want to share it with the world. Join the Splunk team as they tell the world about ATT&CK Detections Collector (ADC). ADC is an open-source python tool that will allow you to extract MITRE technique IDs from a third-party URLs and output them into a file. If you use Splunk, the team even maps them to their existing (previously mapped) detection corpus. They even added the ability to export them into a navigator json for fun, profit, or (at least) better visualization!

Automating the mundanity of technique IDs with ATT&CK Detections Collector

Automating the mundanity of technique IDs with ATT&CK Detections Collector

Automating the mundanity of technique IDs with ATT&CK Detections Collector

From ATT&CKcon 3.0 By Gert-Jan Bruggink, Venation Since it's inception in 2015, the ATT&CK framework has achieved widespread adoption, with recent studies suggesting over 80 percent of companies using the framework for cyber security. Over the last seven years, a variety of use cases has been explored with different measures of success. In this presentation, Gert-Jan will explore applying the ATT&CK framework in scenario-based defense. When adopting a scenario approach, security teams collaborate to fuse their understanding of certain situations into scenarios. For example, addressing different hypotheses that can be explained to leadership and specialist teams alike. This approach requires more than "just" breaking down everything into tactics, techniques, and procedures. Some stakeholders might not understand that. For example, some might want to tell a good story about adversaries while others want to translate their understanding of intrusions into a sequential pattern. The objective of this talk is to explore how the granularity of the framework supports creation of scenarios, the limitations in the current approach to ATT&CK when building scenarios across different stakeholders, and addressing potential areas the "language of ATT&CK" can evolve towards over the next 5 years.

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

From ATT&CKcon 3.0 By Jared Stroud, Lacework Adversaries target common cloud misconfigurations in container-focused workflows for initial access. Whether this is Docker or Kubernetes environments, Lacework Labs has identified adversaries attempting to deploy malicious container images (T1610) , mine Cryptocurrency (T1496), and deploy C2 agents. Defenders new to the container space may be unaware of the built-in capabilities popular container runtime engines have that can help defend against rogue containers being deployed into their environment. Attendees will walk away with an understanding of what these attack patterns look like based on honeypot data Lacework has gathered over the past year, as well as techniques on how to defend their own container focused workloads.

ATT&CKING Containers in The Cloud

ATT&CKING Containers in The Cloud

ATT&CKING Containers in The Cloud

ATT&CK Updates- ATT&CK for ICS

ATT&CK Updates- ATT&CK for ICS

ATT&CK Updates- ATT&CK for ICS

ATT&CK Updates- ATT&CK for mac/Linux

ATT&CK Updates- ATT&CK for mac/Linux

ATT&CK Updates- ATT&CK for mac/Linux

ATT&CKcon Intro

ATT&CKcon Intro

ATT&CKcon Intro

Putting MITRE ATT&CK into Action with What You Have, Where You Are

Putting MITRE ATT&CK into Action with What You Have, Where You Are

Putting MITRE ATT&CK into Action with What You Have, Where You Are

From ATT&CKcon 3.0 By Matt Snyder, VMWare Insider threats are some of the most treacherous and every organization is susceptible: it's estimated that theft of Intellectual Property alone exceeds $600 billion a year. Armed with intimate knowledge of your organization and masked as legitimate business, often these attacks go unnoticed until it's too late and the damage is done. To make matters worse, threat actors are now trying to lure employees with the promise of large paydays to help carry out attacks. These advanced attacks require advanced solutions, and we are going to demonstrate how we are using the MITRE ATT&CK framework to proactively combat these threats. Armed with these tactics and techniques, we show you how to build intelligent detections to help secure even the toughest of environments.

When Insiders ATT&CK!

When Insiders ATT&CK!

When Insiders ATT&CK!

Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...

Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...

Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...

From MITRE ATT&CKcon Power Hour October 2020 By: Aunshul Rege, Associate Professor, Temple University, @prof_rege Rachel Bleiman, PhD Student/NSF Graduate Research Assistant, Temple University, @rab1928 This presentation from the MITRE ATT&CKcon Power Hour session on October 9, 2020, explores the application of the MITRE ATT&CK® and PRE-ATT&CK matrices in cybercrime education and research. Specifically, Rege and Bleiman demonstrate the mapping of the PRE-ATT&CK matrix to social engineering case studies as an experiential learning project in an upper-level cybercrime liberal arts course. It thus allows students to understand the alignment process of threat intelligence to the PRE-ATT&CK framework and also learn about its usefulness/limitations. The talk also discusses the mapping of the ATT&CK matrix, tactics, techniques, software, and groups for two cybercrime datasets created by collating publicly disclosed incidents: (i) critical infrastructure ransomware (CIRW) incidents, and (ii) social engineering (SE) incidents. For the CIRW dataset, 39% of the strains mapped onto the ATT&CK software. For the SE dataset, 49% of the groups and 65% of the techniques map on to the MITRE framework. This helps the researchers identify the framework's usefulness/limitations and also helps our datasets connect to richer information that may not otherwise be available in the publicly disclosed incidents.

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

MITRE - ATT&CKcon

What's hot (20)

State of the ATT&CK

State of the ATT&CK

State of the ATT&CK

The ATT&CK Latin American APT Playbook

The ATT&CK Latin American APT Playbook

The ATT&CK Latin American APT Playbook

ATT&CK Updates- Campaigns

ATT&CK Updates- Campaigns

ATT&CK Updates- Campaigns

Projects to Impact- Operationalizing Work from the Center

Projects to Impact- Operationalizing Work from the Center

Projects to Impact- Operationalizing Work from the Center

Threat Modelling - It's not just for developers

Threat Modelling - It's not just for developers

Threat Modelling - It's not just for developers

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

It's just a jump to the left (of boom): Prioritizing detection implementation...

It's just a jump to the left (of boom): Prioritizing detection implementation...

It's just a jump to the left (of boom): Prioritizing detection implementation...

ATT&CKing the Red/Blue Divide

ATT&CKing the Red/Blue Divide

ATT&CKing the Red/Blue Divide

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...

Automating the mundanity of technique IDs with ATT&CK Detections Collector

Automating the mundanity of technique IDs with ATT&CK Detections Collector

Automating the mundanity of technique IDs with ATT&CK Detections Collector

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

ATT&CKING Containers in The Cloud

ATT&CKING Containers in The Cloud

ATT&CKING Containers in The Cloud

ATT&CK Updates- ATT&CK for ICS

ATT&CK Updates- ATT&CK for ICS

ATT&CK Updates- ATT&CK for ICS

ATT&CK Updates- ATT&CK for mac/Linux

ATT&CK Updates- ATT&CK for mac/Linux

ATT&CK Updates- ATT&CK for mac/Linux

ATT&CKcon Intro

ATT&CKcon Intro

ATT&CKcon Intro

Putting MITRE ATT&CK into Action with What You Have, Where You Are

Putting MITRE ATT&CK into Action with What You Have, Where You Are

Putting MITRE ATT&CK into Action with What You Have, Where You Are

When Insiders ATT&CK!

When Insiders ATT&CK!

When Insiders ATT&CK!

Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...

Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...

Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

Similar to ATT&CK Updates- Defensive ATT&CK

DevTalks 2021 Cloud Engineering @Crowdstrike

DevTalks 2021 Cloud Engineering @Crowdstrike

DevTalks 2021 Cloud Engineering @Crowdstrike

From MITRE ATT&CKcon Power Hour November 2020 By: Jamie Williams, Lead Cyber Adversarial Engineer, MITRE Mike Hartley, Lead Cybersecurity Engineer, MITRE In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020 Jamie Williams and Mike Hartley from MITRE discuss the process for merging PRE-ATT&CK and adding two new tactics to Enterprise ATT&CK – Reconnaissance and Resource Development.

Putting the PRE into ATTACK

Putting the PRE into ATTACK

Putting the PRE into ATTACK

MITRE - ATT&CKcon

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

Ulrich Seldeslachts

Managing Multiple Assessments Using Zero Trust Principles

Managing Multiple Assessments Using Zero Trust Principles

Managing Multiple Assessments Using Zero Trust Principles

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

MITRE - ATT&CKcon

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Adam Pennington

Log Analytics and Operational Intelligence for Distributed Microservices. IT systems and applications generate more and more distributed machine data due to millions of mobile devices, Internet of Things, social network users, and other new emerging technologies. However, organizations experience challenges when monitoring and managing their IT systems and technology infrastructure. They struggle with distributed Microservices and Cloud architectures, custom application monitoring and debugging, network and server monitoring / troubleshooting, security analysis, compliance standards, and others. This session discusses how to solve the challenges of monitoring and analyzing Terabytes and more of different distributed machine data to leverage the “digital business”. The main part of the session compares different open source frameworks and SaaS cloud solutions for Log Management and operational intelligence, such as Graylog , the “ELK stack”, Papertrail, Splunk or TIBCO LogLogic Unity). A live demo will demonstrate how to monitor and analyze distributed Microservices and sensor data from the “Internet of Things”. The session also explains the distinction of the discussed solutions to other big data components such as Apache Hadoop, Data Warehouse or Machine Learning, and how they can complement each other in a big data architecture. The session concludes with an outlook to the new, advanced concept of IT Operations Analytics (ITOA). Prsesn

Log Analytics for Distributed Microservices

Log Analytics for Distributed Microservices

Log Analytics for Distributed Microservices

Autonomous Database Security Features

Autonomous Database Security Features

Autonomous Database Security Features

SinanPetrusToma

How can a successful SOC2-compliant ISMS be built without power, money and a...

How can a successful SOC2-compliant ISMS be built without power, money and a...

How can a successful SOC2-compliant ISMS be built without power, money and a...

Vsevolod Shabad

Kripta Key Product Key Management System.pdf

Kripta Key Product Key Management System.pdf

Kripta Key Product Key Management System.pdf

langkahgontay88

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

The Hacking Games - Security vs Productivity and Operational Efficiency 20230119

The Hacking Games - Security vs Productivity and Operational Efficiency 20230119

The Hacking Games - Security vs Productivity and Operational Efficiency 20230119

Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy. In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk. In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a data-driven platform that specifically offers the essentials for user access governance: automated data collection, holistic risk analytics and user-friendly access reviews integrated with ITSM. As a result, the platform lets companies achieve mature access governance in a matter of days, not months. In this presentation, Maarten gives an overview of the essentials of user access governance, showcase the Elimity platform and how it is successfully applied in practice.

EIC 2022 - Elimity - Trimming down user access governance to its essentials

EIC 2022 - Elimity - Trimming down user access governance to its essentials

EIC 2022 - Elimity - Trimming down user access governance to its essentials

Microsoft-Entra-Identity-and-Access-presentation.pdf

Microsoft-Entra-Identity-and-Access-presentation.pdf

Microsoft-Entra-Identity-and-Access-presentation.pdf

In this webinar, our SolarWinds sales engineer and guest speaker Eric Hodeen discussed how to reduce your vulnerabilities and harden your infrastructure. They also reviewed best practices, share resources, and demonstrate how our products can be used to help manage vulnerabilities at your organization. They reviewed common infrastructure hardening best practices and how to use the DISA STIGs to teach the basics such as validation of FIPS require protocols, baseline STIG’ed configuration for the enterprise, and other tips on securing your infrastructure . During this interactive webinar, attendees learned how to:: • Leverage automated network configuration tools to deploy standardized configurations, detect out-of-process changes, audit configurations, and even correct violations • Audit device configurations and logs for NIST FISMA, DISA STIG, and DSS PCI compliance • Discover patch statuses and vulnerabilities, and automate patch management • Detect, track, and compare system and application configuration changes to confirm changes, even when systems are off-line • Leverage access rights management to understand and act on high-risk access and reduce vulnerabilities

Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...

Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...

Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...

A data-centric platform integrates multiple Big Data open source technologies. For example, at Stratio we use Spark, Kafka, Elastic search and many more. Most of these technologies do not offer native security. This lack of security, not only leaves companies open to critical risks like data leakage, unsecure communications or DoS attacks but is also a major barrier to complying with different regulations such as LOPD, PCI-DSS or the upcoming GDPR. This talk gives a technical and innovative overview of how companies can face the challenge of protecting the data and services that are in their data-centric platform, focusing on three main aspects: implementing network segmentation, managing AAA and securing data processing. By: Carlos Gómez

Big Data Security: Facing the challenge

Big Data Security: Facing the challenge

Big Data Security: Facing the challenge

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

4 Cyber Security KPIs

4 Cyber Security KPIs

4 Cyber Security KPIs

What the Hackers Do to Steal the Data?

What the Hackers Do to Steal the Data?

What the Hackers Do to Steal the Data?

Digit Oktavianto

Similar to ATT&CK Updates- Defensive ATT&CK (20)

DevTalks 2021 Cloud Engineering @Crowdstrike

DevTalks 2021 Cloud Engineering @Crowdstrike

DevTalks 2021 Cloud Engineering @Crowdstrike

Putting the PRE into ATTACK

Putting the PRE into ATTACK

Putting the PRE into ATTACK

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

Managing Multiple Assessments Using Zero Trust Principles

Managing Multiple Assessments Using Zero Trust Principles

Managing Multiple Assessments Using Zero Trust Principles

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Becoming a Yogi on Mac ATT&CKwith OceanLotus Postures

Log Analytics for Distributed Microservices

Log Analytics for Distributed Microservices

Log Analytics for Distributed Microservices

Autonomous Database Security Features

Autonomous Database Security Features

Autonomous Database Security Features

How can a successful SOC2-compliant ISMS be built without power, money and a...

How can a successful SOC2-compliant ISMS be built without power, money and a...

How can a successful SOC2-compliant ISMS be built without power, money and a...

Kripta Key Product Key Management System.pdf

Kripta Key Product Key Management System.pdf

Kripta Key Product Key Management System.pdf

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

The Hacking Games - Security vs Productivity and Operational Efficiency 20230119

The Hacking Games - Security vs Productivity and Operational Efficiency 20230119

The Hacking Games - Security vs Productivity and Operational Efficiency 20230119

EIC 2022 - Elimity - Trimming down user access governance to its essentials

EIC 2022 - Elimity - Trimming down user access governance to its essentials

EIC 2022 - Elimity - Trimming down user access governance to its essentials

Microsoft-Entra-Identity-and-Access-presentation.pdf

Microsoft-Entra-Identity-and-Access-presentation.pdf

Microsoft-Entra-Identity-and-Access-presentation.pdf

Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...

Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...

Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...

Big Data Security: Facing the challenge

Big Data Security: Facing the challenge

Big Data Security: Facing the challenge

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce

4 Cyber Security KPIs

4 Cyber Security KPIs

4 Cyber Security KPIs

What the Hackers Do to Steal the Data?

What the Hackers Do to Steal the Data?

What the Hackers Do to Steal the Data?

More from MITRE ATT&CK

From ATT&CKcon 4.0 By Tareq AlKhatib, Lacework, Inc "ATT&CK serves as the central language for CTI practitioners, Detection Engineers, Red Teamers, and more. Despite the benefit of having a central language, ATT&CK offers different levels of detail that might be useful for one team but not others. This paper points out some of these differences in the level of details available in ATT&CK, especially from the point of view of Detection Engineers, and focused on detection coverage. In summary, while ATT&CK does not define the Procedure level of the TTP trinity, it is still useful to define the “Degrees of Freedom” an attacker has within a technique. Some techniques only have a limited number of possible Procedures, some techniques might have more, and others might be so open ended that they offer an unlimited number of possible procedures per technique. We examine this concept on both the Technique and Tactic levels and make the argument that techniques that have a high number of possible Procedures cannot be covered by Detection Engineers. At the conference, we intend to release an ATT&CK Navigator layer to help Detection Engineers quickly filter out which Tactics and Techniques they need to focus on and which ones they simply cannot cover."

Dealing With ATT&CK's Different Levels Of Detail

Dealing With ATT&CK's Different Levels Of Detail

Dealing With ATT&CK's Different Levels Of Detail

From ATT&CKcon 4.0 By Jeremy Straub, NDSU Cybersecurity Institute This presentation will briefly summarize work that we've done regarding implementing the ATT&CK framework as a rule-fact-action network within a Blackboard Architecture, allowing the ATT&CK framework to enable security testing automation. The presentation will start with a quick summary of the concept behind this and then present a few implementation examples.

Automating testing by implementing ATT&CK using the Blackboard Architecture

Automating testing by implementing ATT&CK using the Blackboard Architecture

Automating testing by implementing ATT&CK using the Blackboard Architecture

From ATT&CKcon 4.0 By Tim Wadhwa-Brown, Cisco The purpose of this session will be to look at how the linux-malware repo came to take shape and how we've used it to inform our view on adversarial behaviour over the last couple of years. Since the original reason for staring this project was to look at Linux coverage in ATT&CK, we'll play back some of the interesting points and reflect on how they've affected ATT&CK itself.

I can haz cake: Benefits of working with MITRE on ATT&CK

I can haz cake: Benefits of working with MITRE on ATT&CK

I can haz cake: Benefits of working with MITRE on ATT&CK

From ATT&CKcon 4.0 By James Stanley, CISA "CISA's Adoption of the MITRE ATT&CK Framework Over the past several years, CISA has worked to incorporate ATT&CK whenever applicable into our Cybersecurity Advisories and other cyber guidance. It has become the universal language for discussing how the adversary operates, and we leverage it for our stakeholders to respond to urgent events in real time, as well as detailed reports on subjects like our Red Team activities to give network defenders proactive guidance on how to harden their networks."

CISA usage of ATT&CK in Cybersecurity Advisories

CISA usage of ATT&CK in Cybersecurity Advisories

CISA usage of ATT&CK in Cybersecurity Advisories

From ATT&CKcon 4.0 By Scott Small, Tidal Cyber This metrics- and meme-based lightning session spotlights the success story that is the CTI industry’s impressive (and expanding) adoption of ATT&CK in their products. Using nearly 6 years’ worth of ATT&CK-mapped, public threat reports collected from government, vendor, & independent sources, we’ll show how the rate (and detail) of mapping has increased considerably, while showcasing (anonymized) examples of high-quality end-products, with the aim of inspiring further ATT&CK adoption in this important corner of the field.

ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)

ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)

ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)

Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...

Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...

Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...

From ATT&CKcon 4.0 By Pranusha Somareddy, Lark Health "By aligning security controls with specific adversary techniques and tactics, organizations can gain a comprehensive understanding of their defensive capabilities. This mapping exercise serves as a vital step in identifying potential gaps and weaknesses within the security architecture. The evaluation of security maturity using the MITRE ATT&CK framework provides valuable insights into the effectiveness of existing controls, shedding light on areas that require improvement or further attention. In this presentation, we will delve into practical strategies and real-world examples that showcase how organizations can successfully leverage the MITRE ATT&CK framework to enhance their security maturity. We will also explore key topics such as: (i)Customizing security training and awareness programs based on roles and responsibilities (ii)Conducting thorough assessments of incident response capabilities through the framework (iii)Integrating threat intelligence derived from ATT&CK to continuously improve the security posture"

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping

MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)

MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)

MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)

From ATT&CKcon 4.0 By Ozan Olali, IBM Security The Electronic Flight Bag (EFB) has become an indispensable tool in modern aviation, providing pilots with digital resources and critical flight information. However, the increased reliance on EFB systems running on operating systems, introduces various security challenges. In this session, a technical assessment approach with MITRE ATT&CK framework to perform a comprehensive threat analysis of an EFB solution, will be presented. The potential attack vectors and relation with the risks for business/ flight operations will be demonstrated.

MITRE ATT&CK based Threat Analysis for Electronic Flight Bag

MITRE ATT&CK based Threat Analysis for Electronic Flight Bag

MITRE ATT&CK based Threat Analysis for Electronic Flight Bag

From ATT&CKcon 4.0 By Adam Ostrich and Jesse Brown, Red Canary "Endpoint Detection & Response (EDR) telemetry offers defenders a powerful tool for catching threats. However, understanding how to validate ATT&CK technique coverage using EDR telemetry can be a challenge. As Detection Validation Engineers at a Managed Detection & Response (MDR) provider that ingests nearly a petabyte of endpoint telemetry every day, we’re in the unique and necessary position to analyze this telemetry at scale and validate its efficacy against common adversary tradecraft. After providing a brief introduction to EDR telemetry, we’ll discuss how to break ATT&CK techniques down to individual data components, perform functional tests, analyze the ways that specific actions translate to telemetry records, and compare this analysis across different EDR sensors. We’ll discuss the tooling we’ve built to assist us in running these tests and analyzing the resulting telemetry, and we’ll explain how security teams can improve their own functional testing efforts by creating an automated validation workflow. Finally, we’ll describe how this approach has enabled us to more effectively understand and use EDR telemetry, highlighting where this telemetry excels and fails at detecting ATT&CK techniques."

Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry

Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry

Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry

From ATT&CKcon 4.0 By Marina Liang "LABYRINTH CHOLLIMA is a prolific Democratic People's Republic of Korea (DPRK) nexus adversary focused on cyber espionage. They have been recently observed targeting FinTech (financial technology) companies in cryptocurrency revenue generation efforts. LABYRINTH CHOLLIMA has been associated with many high profile attacks, including the Sony Pictures Entertainment (SPE) breach, the WannaCry 2.0 global surge, and most recently, the 3CX supply chain compromise. Increasingly versed in cross-platform intrusions, LABYRINTH CHOLLIMA has been observed targeting macOS operating systems, and evolving their tactics, techniques, and tooling to keep in lockstep with the evolving security landscape. This talk will deep dive into the interactive macOS intrusions Crowdstrike has attributed to LABYRINTH CHOLLIMA. We will delve into the adversary's macOS tradecraft, techniques to circumvent existing OS protections, and social engineering tactics, while showcasing how their mechanisms and tooling map to the MITRE ATT&CK kill chain, featuring some newly proposed MITRE techniques related to the Transparency, Consent, and Control (TCC) database."

Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS

Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS

Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS

MITRE ATT&CK Updates: State of the Cloud

MITRE ATT&CK Updates: State of the Cloud

MITRE ATT&CK Updates: State of the Cloud

From ATT&CKcon 4.0 By Simeon Kakpovi and Greg Schloemer, KC7 Foundation "KC7 uses an experiential learning pedagogy to teach cybersecurity analysis to students of all levels, from elementary school all the way to industry professionals. In the KC7 experience, students analyze realistic cybersecurity data and answer a series of CTF-style questions that guide them through an investigative journey. In order to generate authentic intrusion data, we create a fictional company that is attacked by cyber threat actors. The attributes and behaviors of these actors are defined via yaml configurations that are modeled based on MITRE ATT&CK categories and techniques. For example, we can granularly define what techniques an attacker uses for initial access or lateral movement, and how the actor explicitly uses those techniques. Students that effectively analyze KC7 intrusion data can map the observed activity to the various stages of the MITRE ATTA&CK framework. Organizing actor definitions around the ATTA&CK framework allows KC7 to create a rich set of intrusion data in various permutations - and ensure that students are exposed to a diverse array of scenarios. A pleasant byproduct of this methodology is that students of MITRE ATT&CK can now study techniques contextually in data rather than just reading about them in reports."

Using ATT&CK to created wicked actors in real data

Using ATT&CK to created wicked actors in real data

Using ATT&CK to created wicked actors in real data

MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...

MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...

MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...

From ATT&CKcon 4.0 By Olaf Harton, FalconForce "Modern security teams have been engineering solid detections for a while now. All this great output also needs to be managed well. * How can we make sure that the detections we have spent a lot of time developing are deployed and are running in production in the same way as they were designed? * How can we assure our detection and prevention controls are still working and are detecting the attacks they have been designed to cover? We will show how we have built a robust and flexible development and deployment process using cloud technnologies. This process allows us to quickly and easily implement new detection controls, test them across multiple environments, and deploy them in a controlled and consistent manner. We will discuss how security teams can reap the benefits of using detection-as-code, and how this can help achieving a single source of truth for their detection logic. Adopting this approach enables teams to use automation and unit testing to manage and validate their detection controls across multiple environments and ensure proper documentation. By adopting a detection-as-code approach, teams can gain the confidence that comes from knowing that their detections and mitigations work as intended."

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...

From ATT&CKcon 4.0 By Alexandrea Berninger, Accenture We live in a world where attention is scarce. And yet we need to communicate complex information effectively to a variety of audiences. This talk will discuss how to cut through the noise of information overload by using MITRE ATT&CK to reach your audience. It will use lessons I have learned from videography, combined with Cyber Threat Intelligence (CTI) to weave a story around how to think about communicating to your audience when gaining their focus is becoming increasingly difficult. Using current research into focus and attention spans, combined with trends in how people like to obtain information, this talk will recommend paths to building compelling stories with MITRE ATT&CK so that stakeholders can immediately gain value from threat intelligence reports without having to read a full long-form report.

Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...

Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...

Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...

ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...

ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...

ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...

From ATT&CKcon 4.0 By Scott Roberts, Interpres Security "Building threat intelligence is challenging, even under the most ideal circumstances. But what if you are even more limited in your resources? You are part of a small (but skilled) team, with high expectations, and people are relying on you to make business-critical decisions…all the time! What do you do in that situation? Turn a Toyota Tercel into a tank, of course. The Interpres Security threat intelligence team found itself in that exact situation. Wanting to leverage the MITRE ATT&CK catalog in creating a comprehensive and timely threat intelligence repository, the Interpres team built a series of tools, processes, and paradigms that we call Intelligence Engineering. In this talk, we’ll examine how we combined ATT&CK, STIX2, the Vertex Project’s open-source intelligence platform, Synapse, and custom code to deliver meaningful, rapid, verifiable intelligence to our customers. We’ll share lessons learned on automation, how to run multiple ATT&CK libraries side-by-side, and making programmatic intelligence delivery scalable and effective – just like building a tank out of an imported sedan."

Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...

Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...

Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...

MITRE ATT&CK Updates: ICS

MITRE ATT&CK Updates: ICS

MITRE ATT&CK Updates: ICS

The case for quishing

The case for quishing

The case for quishing

More from MITRE ATT&CK (20)

Dealing With ATT&CK's Different Levels Of Detail

Dealing With ATT&CK's Different Levels Of Detail

Dealing With ATT&CK's Different Levels Of Detail

Automating testing by implementing ATT&CK using the Blackboard Architecture

Automating testing by implementing ATT&CK using the Blackboard Architecture

Automating testing by implementing ATT&CK using the Blackboard Architecture

I can haz cake: Benefits of working with MITRE on ATT&CK

I can haz cake: Benefits of working with MITRE on ATT&CK

I can haz cake: Benefits of working with MITRE on ATT&CK

CISA usage of ATT&CK in Cybersecurity Advisories

CISA usage of ATT&CK in Cybersecurity Advisories

CISA usage of ATT&CK in Cybersecurity Advisories

ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)

ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)

ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)

Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...

Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...

Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping

MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)

MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)

MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)

MITRE ATT&CK based Threat Analysis for Electronic Flight Bag

MITRE ATT&CK based Threat Analysis for Electronic Flight Bag

MITRE ATT&CK based Threat Analysis for Electronic Flight Bag

Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry

Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry

Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry

Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS

Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS

Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS

MITRE ATT&CK Updates: State of the Cloud

MITRE ATT&CK Updates: State of the Cloud

MITRE ATT&CK Updates: State of the Cloud

Using ATT&CK to created wicked actors in real data

Using ATT&CK to created wicked actors in real data

Using ATT&CK to created wicked actors in real data

MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...

MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...

MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...

Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...

Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...

Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...

ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...

ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...

ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...

Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...

Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...

Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...

MITRE ATT&CK Updates: ICS

MITRE ATT&CK Updates: ICS

MITRE ATT&CK Updates: ICS

The case for quishing

The case for quishing

The case for quishing

Recently uploaded

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Understanding the FAA Part 107 License ..

Understanding the FAA Part 107 License ..

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

Decarbonising Commercial Real Estate: The Role of Operational Performance

Decarbonising Commercial Real Estate: The Role of Operational Performance

Decarbonising Commercial Real Estate: The Role of Operational Performance

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Understanding the FAA Part 107 License ..

Understanding the FAA Part 107 License ..

Understanding the FAA Part 107 License ..

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Modernizing Legacy Systems Using Ballerina

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

Decarbonising Commercial Real Estate: The Role of Operational Performance

Decarbonising Commercial Real Estate: The Role of Operational Performance

Decarbonising Commercial Real Estate: The Role of Operational Performance

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

ATT&CK Updates- Defensive ATT&CK

1. Defensive ATT&CK Updates Lex Crumpton ATT&CK Defensive Lead @LexOnTheHunt ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

2. Who am I • Lead Cybersecurity Engineer • Former Exploitation Developer…turned blue...never looked back • Manage some things: • Digital Forensics Teams • Threat Hunting Teams • Detection Teams • My Canine Child • My Chaotic Workaholic Lifestyle J ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

3. What is Defensive ATT&CK? • Mitigations • Data Sources:Components • Detections • Cyber Analytic Repository (CAR) ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

4. 2021 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 ID Data Source Data Component Detections DS0017 Command Command Execution Monitor executed commands and arguments that may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). Such as procdump -ma lsass.exe lsass_dump DS0009 Process OS API Execution Monitor for API calls that may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). Process Access Monitor for unexpected processes interacting with LSASS.exe. Common credential dumpers such as Mimikatz access LSASS.exe by opening the process, location the LSA secrets key, and decrypting the sections in memory where credential details are stored. Credential dumpers may also use methods for reflective Process Injection to reduce potential indicators of compromise activity. Process Creation Monitor newly executed processes that may be indicative of credential dumping, such as procdump.

5. 2022 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 COMING SOON

6. Cyber Analytic Repository ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 2022

7. Cyber Analytic Repository ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 2022

8. Looking towards the future… Detections 2022 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 Cyber Analytic Repository

9. https://attack.mitre.org attack@mitre.org @mitreattack Lex Crumpton @LexOnTheHunt ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26