Uploaded byjimihi8398
PPTX, PDF21 views

MITRE ATT&CK Triage Presentation 2024 3jlxksllslsslnxud

The document discusses the MITRE ATT&CK framework, which is a knowledge base of tactics, techniques, and procedures utilized by cyber adversaries, aiding in threat understanding and incident response. It emphasizes the role of triage in evaluating security events, prioritizing responses, and mapping events to specific ATT&CK techniques for improved detection. The document also highlights best practices including continuous learning and collaboration within security operations centers (SOCs) to adapt to evolving threats.

Embed presentation

Download to read offline
Using MITRE ATT&CK to Triage Events [Your Name] [Presentation Date]
Introduction • • Overview of MITRE ATT&CK • - A comprehensive knowledge base of tactics, techniques, and procedures (TTPs) used by cyber adversaries. • - Assists in understanding potential threats, improving detection, and refining incident response strategies. • - Importance in triage: Provides a structured approach to evaluate security events, prioritize responses, and mitigate risks.
Understanding the ATT&CK Framework • • Tactics and Techniques • - Tactics: High-level objectives (e.g., Initial Access, Execution, Persistence). • - Techniques: Specific methods used to achieve those objectives (e.g., phishing, PowerShell). • - Examples: Tactic: Credential Access; Technique: Keylogging or credential dumping. • • ATT&CK Matrices: Overview of matrices for different environments (Enterprise, Mobile,
The Role of Triage in Incident Response • • What is Triage? • - Evaluating incoming security alerts to determine their severity, relevance, and potential impact. • - Essential for efficient resource allocation and response prioritization in a SOC. • • How Triage Fits into the SOC Workflow • - Detection → Triage → Investigation → Response. • - Triage acts as a filter to ensure high-priority
Leveraging MITRE ATT&CK for Triage • • Mapping Events to ATT&CK • - Correlate observed security events with specific ATT&CK techniques. • - Example: Unusual login attempts may map to 'Brute Force' under 'Credential Access' tactic. • • Prioritization of Events • - Assess threat levels based on known TTPs. • - Factors: Severity, Confidence Level.
Example Triage Scenario • • Case Study • - Scenario: Employee reports phishing emails; SIEM alerts for multiple login attempts. • - Analysis Using ATT&CK: • - Identify techniques: Initial Access via phishing, Credential Access through brute force. • - Investigate logs for suspicious IP addresses. • • Decision Making
Integrating ATT&CK into Security Tools • • SIEM and Threat Hunting • - Integrate ATT&CK into SIEM systems for improved detection capabilities. • - Create alerts based on known techniques. • • Automated Detection • - Use MITRE Caldera for automated adversary emulation to test detections. • - Implement custom detection rules based on ATT&CK.
Best Practices for Using MITRE ATT&CK • • Continuous Learning • - Update knowledge on emerging techniques and adversary behaviors. • - Participate in workshops and training sessions. • • Collaboration • - Encourage teamwork within the SOC and sharing insights. • • Documentation
Future Trends and Challenges • • Adapting to Evolving Threats • - MITRE ATT&CK evolves as new TTPs are identified, requiring teams to stay informed. • • Challenges in Implementation • - Resource Constraints: Limited staffing/tools can hinder effective implementation. • - Skill Gaps: Ensuring SOC personnel are trained in using ATT&CK effectively.
Conclusion • • Key Takeaways • - MITRE ATT&CK is a powerful tool for enhancing event triage. • - Structured approaches improve incident response efficiency and effectiveness. • - Continuous education and adaptation to evolving threats are crucial.
Q&A • • Open the floor for questions from the audience.
References • • Useful Resources: • - MITRE ATT&CK Framework: https://attack.mitre.org • - SANS Institute - Using the ATT&CK Framework: https://www.sans.org/white- papers/38096/ • - Cybint - Triage Using MITRE ATT&CK: https://cybintsolutions.com

More Related Content

PDF
CTI Workshop Full Slides Workshop Full Slides.pdf
byseyohah504
 
PDF
Introduction to MITRE’s ATT&CK Framework.pdf
byseyohah504
 
PDF
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
PDF
MITRE ATT&CKcon Power Hour - November
byMITRE - ATT&CKcon
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
PPTX
Presentazione tesi magistrale procentese.pptx
byAntonioProcentese1
 
PDF
MITRE ATTACKcon Power Hour - October
byMITRE - ATT&CKcon
 
PDF
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
byMITRE - ATT&CKcon
 
CTI Workshop Full Slides Workshop Full Slides.pdf
byseyohah504
 
Introduction to MITRE’s ATT&CK Framework.pdf
byseyohah504
 
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
MITRE ATT&CKcon Power Hour - November
byMITRE - ATT&CKcon
 
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
Presentazione tesi magistrale procentese.pptx
byAntonioProcentese1
 
MITRE ATTACKcon Power Hour - October
byMITRE - ATT&CKcon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
byMITRE - ATT&CKcon
 

Similar to MITRE ATT&CK Triage Presentation 2024 3jlxksllslsslnxud

PDF
Best practices fore MITRE EMERSON EDUARDO RODRIGUES
byEMERSON EDUARDO RODRIGUES
 
PDF
How MITRE ATT&CK helps security operations
bySergey Soldatov
 
PPTX
Enterprise-MITRE-ATTandCK-Threat-Hunting _ Updated.pptx
byBheemeshChowdary2
 
PDF
MITRE AttACK framework it is time you took notice_v1.0
byMichael Gough
 
PPTX
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
PPTX
Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with...
byHarry McLaren
 
PDF
MITRE-Module 2 Slides.pdf
byReZa AdineH
 
PDF
Mitre ATT&CK by Mattias Almeflo Nixu
byNixu Corporation
 
PDF
Mitre getting-started-with-attack-october-2019
byThang Nguyen
 
PPTX
MITRE ATT&CK framework
byBhushan Gurav
 
PDF
MITRE A-TAK Design Philosophy
bytom termini
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
PDF
State of ATT&CK
byAdam Pennington
 
PDF
(SACON) Wayne Tufek - chapter five - attacks
byPriyanka Aash
 
PPTX
ATT&CKing Threat Management
byAndy Piazza
 
PDF
MITRE ATT&CK and 2017 FSB Indictment
byDigital Shadows
 
PDF
MITRE ATT&CK framework and Managed XDR Position Paper
byMarc St-Pierre
 
PDF
What's a MITRE with your Security?
byMITRE - ATT&CKcon
 
PPTX
ATTCKv11_for_RHISAC_may_2022
byTravis McWaters
 
PDF
The art of communicating ATT&CK to the CFO
byMITRE ATT&CK
 
Best practices fore MITRE EMERSON EDUARDO RODRIGUES
byEMERSON EDUARDO RODRIGUES
 
How MITRE ATT&CK helps security operations
bySergey Soldatov
 
Enterprise-MITRE-ATTandCK-Threat-Hunting _ Updated.pptx
byBheemeshChowdary2
 
MITRE AttACK framework it is time you took notice_v1.0
byMichael Gough
 
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with...
byHarry McLaren
 
MITRE-Module 2 Slides.pdf
byReZa AdineH
 
Mitre ATT&CK by Mattias Almeflo Nixu
byNixu Corporation
 
Mitre getting-started-with-attack-october-2019
byThang Nguyen
 
MITRE ATT&CK framework
byBhushan Gurav
 
MITRE A-TAK Design Philosophy
bytom termini
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
State of ATT&CK
byAdam Pennington
 
(SACON) Wayne Tufek - chapter five - attacks
byPriyanka Aash
 
ATT&CKing Threat Management
byAndy Piazza
 
MITRE ATT&CK and 2017 FSB Indictment
byDigital Shadows
 
MITRE ATT&CK framework and Managed XDR Position Paper
byMarc St-Pierre
 
What's a MITRE with your Security?
byMITRE - ATT&CKcon
 
ATTCKv11_for_RHISAC_may_2022
byTravis McWaters
 
The art of communicating ATT&CK to the CFO
byMITRE ATT&CK
 

Recently uploaded

PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
December Patch Tuesday
byIvanti
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
December Patch Tuesday
byIvanti
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 

MITRE ATT&CK Triage Presentation 2024 3jlxksllslsslnxud

  • 1.
    Using MITRE ATT&CKto Triage Events [Your Name] [Presentation Date]
  • 2.
    Introduction • • Overviewof MITRE ATT&CK • - A comprehensive knowledge base of tactics, techniques, and procedures (TTPs) used by cyber adversaries. • - Assists in understanding potential threats, improving detection, and refining incident response strategies. • - Importance in triage: Provides a structured approach to evaluate security events, prioritize responses, and mitigate risks.
  • 3.
    Understanding the ATT&CK Framework •• Tactics and Techniques • - Tactics: High-level objectives (e.g., Initial Access, Execution, Persistence). • - Techniques: Specific methods used to achieve those objectives (e.g., phishing, PowerShell). • - Examples: Tactic: Credential Access; Technique: Keylogging or credential dumping. • • ATT&CK Matrices: Overview of matrices for different environments (Enterprise, Mobile,
  • 4.
    The Role ofTriage in Incident Response • • What is Triage? • - Evaluating incoming security alerts to determine their severity, relevance, and potential impact. • - Essential for efficient resource allocation and response prioritization in a SOC. • • How Triage Fits into the SOC Workflow • - Detection → Triage → Investigation → Response. • - Triage acts as a filter to ensure high-priority
  • 5.
    Leveraging MITRE ATT&CKfor Triage • • Mapping Events to ATT&CK • - Correlate observed security events with specific ATT&CK techniques. • - Example: Unusual login attempts may map to 'Brute Force' under 'Credential Access' tactic. • • Prioritization of Events • - Assess threat levels based on known TTPs. • - Factors: Severity, Confidence Level.
  • 6.
    Example Triage Scenario •• Case Study • - Scenario: Employee reports phishing emails; SIEM alerts for multiple login attempts. • - Analysis Using ATT&CK: • - Identify techniques: Initial Access via phishing, Credential Access through brute force. • - Investigate logs for suspicious IP addresses. • • Decision Making
  • 7.
    Integrating ATT&CK intoSecurity Tools • • SIEM and Threat Hunting • - Integrate ATT&CK into SIEM systems for improved detection capabilities. • - Create alerts based on known techniques. • • Automated Detection • - Use MITRE Caldera for automated adversary emulation to test detections. • - Implement custom detection rules based on ATT&CK.
  • 8.
    Best Practices forUsing MITRE ATT&CK • • Continuous Learning • - Update knowledge on emerging techniques and adversary behaviors. • - Participate in workshops and training sessions. • • Collaboration • - Encourage teamwork within the SOC and sharing insights. • • Documentation
  • 9.
    Future Trends andChallenges • • Adapting to Evolving Threats • - MITRE ATT&CK evolves as new TTPs are identified, requiring teams to stay informed. • • Challenges in Implementation • - Resource Constraints: Limited staffing/tools can hinder effective implementation. • - Skill Gaps: Ensuring SOC personnel are trained in using ATT&CK effectively.
  • 10.
    Conclusion • • KeyTakeaways • - MITRE ATT&CK is a powerful tool for enhancing event triage. • - Structured approaches improve incident response efficiency and effectiveness. • - Continuous education and adaptation to evolving threats are crucial.
  • 11.
    Q&A • • Openthe floor for questions from the audience.
  • 12.
    References • • UsefulResources: • - MITRE ATT&CK Framework: https://attack.mitre.org • - SANS Institute - Using the ATT&CK Framework: https://www.sans.org/white- papers/38096/ • - Cybint - Triage Using MITRE ATT&CK: https://cybintsolutions.com