©2019 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 18-03621-8.
MITRE
Controls Mapping
Michael Long
@michaellongii
© 2019 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 19-00696-14
@MITREattack
#ATTACKcon
Overview
▪ Organizations need to implement information security controls
– NIST SP 800-53, PCI-DSS, CIS Controls
▪ Control selection should be driven by threats and vulnerabilities
– ATT&CK can help!
▪ We have challenges:
– Which controls do we select (and why)?
– How do our controls map to ATT&CK techniques?
▪ Many organizations create ATT&CK → Control mappings
– How can we as the ATT&CK team help centralize these?
ATT&CK-Controls Mapping
▪ By mapping ATT&CK to common control frameworks we can:
– Identify controls that mitigate threats we care about
– Identify capability gaps
– Better understand our cybersecurity effectiveness
Figure (table; cell contents not recoverable): NSA Top 10 Mitigation Strategies, with columns Identify, Protect, Detect, Respond, Recover
1. Update and Upgrade Software Immediately
2. Defend Privileges and Accounts
3. Enforce Signed Software Execution Policies
4. Exercise a System Recovery Plan
5. Actively Manage Systems and Configurations
6. Continuously Hunt for Network Intrusions
7. Leverage Modern Hardware Security Features
8. Segregate Networks Using Application-Aware Defenses
9. Integrate Threat Reputation Services
10. Transition to Multi-Factor Authentication
ATT&CK Tactics: Initial Access
Legend: Identify, Protect, Detect, Respond, Recover
Prototype Mappings: ATT&CK-NIST 800-53
▪ Our prototype offers two views: Master & Control Family
▪ Master View displays the entire ATT&CK-NIST 800-53 mapping
– 244 NIST 800-53 Controls
– 266 ATT&CK Techniques
Figure (Master View matrix); axis labels: NIST 800-53 Controls, ATT&CK Techniques
Prototype Mappings: ATT&CK-NIST 800-53
(Continued)
▪ Control Family View lists ATT&CK mapping by Control Families
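The two views and the gap identification described in these slides can be sketched in a few lines of Python. This is an added example, not MITRE's prototype or its data: the technique and control IDs are real ATT&CK and NIST SP 800-53 identifiers, but the pairings, the threat list and the set of implemented controls are constructed for illustration, and all function names are hypothetical.

```python
"""Constructed illustration of an ATT&CK-to-control mapping (sample data only)."""
from collections import Counter, defaultdict

# (technique_id, control_id): "this control helps mitigate this technique".
# Real identifiers, but the pairings are constructed for this example.
MAPPINGS = [
    ("T1078", "AC-2"), ("T1078", "IA-2"), ("T1078", "IA-5"),  # valid accounts
    ("T1110", "AC-7"), ("T1110", "IA-5"),                     # brute force
    ("T1190", "SI-2"), ("T1190", "RA-5"), ("T1190", "SC-7"),  # public-facing app
    ("T1003", "AC-6"),                                        # credential dumping
]


def master_view(mappings):
    """Whole mapping in one structure: technique -> sorted list of controls."""
    view = defaultdict(set)
    for technique, control in mappings:
        view[technique].add(control)
    return {t: sorted(cs) for t, cs in sorted(view.items())}


def control_family_view(mappings):
    """Same data grouped by control family: family -> control -> techniques."""
    view = defaultdict(lambda: defaultdict(set))
    for technique, control in mappings:
        family = control.split("-", 1)[0]  # "AC-2" -> "AC"
        view[family][control].add(technique)
    return {
        fam: {ctl: sorted(ts) for ctl, ts in sorted(ctls.items())}
        for fam, ctls in sorted(view.items())
    }


def gap_analysis(mappings, threats, implemented):
    """Classify each technique we care about as covered, gap, or unmapped.

    covered  : at least one mapped control is implemented
    gap      : mapped controls exist, none is implemented
    unmapped : the mapping has no entry, so nothing can be concluded
    """
    by_technique = master_view(mappings)
    report = {}
    for technique in threats:
        mapped = by_technique.get(technique, [])
        have = [c for c in mapped if c in implemented]
        missing = [c for c in mapped if c not in implemented]
        if not mapped:
            status = "unmapped"
        elif have:
            status = "covered"
        else:
            status = "gap"
        report[technique] = {
            "status": status, "implemented": have, "candidates": missing,
        }
    return report


def prioritize(report):
    """Rank unimplemented controls by how many gap techniques each would address."""
    counts = Counter()
    for entry in report.values():
        if entry["status"] == "gap":
            counts.update(entry["candidates"])
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    threats = ["T1078", "T1110", "T1190", "T1059"]  # constructed threat list
    implemented = {"SI-2", "AC-6"}                  # constructed control inventory
    report = gap_analysis(MAPPINGS, threats, implemented)
    for technique, entry in report.items():
        print(technique, entry)
    print("Control family view:", control_family_view(MAPPINGS))
    print("Suggested order:", prioritize(report))
```

The "unmapped" status is kept separate from "gap" because a technique missing from the mapping says nothing about coverage; it only shows where the mapping itself is incomplete.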
Mapping Challenges
▪ Mapping criteria
▪ Changing control standards
▪ Scale
▪ Differing configurations and implementations
▪ Some organizations have created internal mappings but…
– Sharing externally can be difficult
– Results in duplication of effort
– Hinders collaboration and innovation
Our Future Goals
▪ Provide a curated source of trusted mappings
– Support community contributions
▪ Develop a flexible mapping data structure
– Responsive to change
– Able to scale
▪ Present mappings in a user-friendly application
– Similar to the ATT&CK Navigator
Going Forward
▪ We need your input!
– Tell us what types of mappings you want and why
▪ Do you want to share an awesome mapping?
– Let us know!
▪ We can only win if we work together
– Let us know if you want to help
attack@mitre.org
@MITREattack
#ATTACKcon
Michael Long
@michaellongii
© 2019 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 19-00696-14

More Related Content

What's hot

Accelerating Digital Leadership
Accelerating Digital LeadershipAccelerating Digital Leadership
Accelerating Digital LeadershipM2M Alliance e.V.
 
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le   building a secure data center[Cisco Connect 2018 - Vietnam] Anh duc le   building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data centerNur Shiqim Chok
 
[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4
[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4
[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4Nur Shiqim Chok
 
Jisc cloud services: helping our members deliver their cloud strategies
Jisc cloud services: helping our members deliver their cloud strategiesJisc cloud services: helping our members deliver their cloud strategies
Jisc cloud services: helping our members deliver their cloud strategiesJisc
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesMITRE - ATT&CKcon
 
Cloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeCloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeJoAnna Cheshire
 
Brink sanders cisco architecture keynote
Brink sanders   cisco architecture keynoteBrink sanders   cisco architecture keynote
Brink sanders cisco architecture keynoteNur Shiqim Chok
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudNetskope
 
Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline, Inc.
 
Garantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio   Damian PrietoGarantice la continuidad de su negocio   Damian Prieto
Garantice la continuidad de su negocio Damian PrietoCristian Garcia G.
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
CipherCloud Webinar - Cloud Encryption & Tokenization 101
CipherCloud Webinar - Cloud Encryption & Tokenization 101CipherCloud Webinar - Cloud Encryption & Tokenization 101
CipherCloud Webinar - Cloud Encryption & Tokenization 101CipherCloud
 
Data Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy WorldData Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy WorldNetskope
 
Winning Strategy For Hybrid Cloud Environments
Winning Strategy For Hybrid Cloud EnvironmentsWinning Strategy For Hybrid Cloud Environments
Winning Strategy For Hybrid Cloud EnvironmentsCarl De Groote
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesForcepoint LLC
 
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...MarketingArrowECS_CZ
 
Cloud Visibility & Cloud Data Loss Prevention Approaches
 Cloud Visibility & Cloud Data Loss Prevention Approaches Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention ApproachesCipherCloud
 

What's hot (20)

Accelerating Digital Leadership
Accelerating Digital LeadershipAccelerating Digital Leadership
Accelerating Digital Leadership
 
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le   building a secure data center[Cisco Connect 2018 - Vietnam] Anh duc le   building a secure data center
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
 
[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4
[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4
[Cisco Connect 2018 - Vietnam] Brink sanders cisco connect opening_keynote_vn_v4
 
Jisc cloud services: helping our members deliver their cloud strategies
Jisc cloud services: helping our members deliver their cloud strategiesJisc cloud services: helping our members deliver their cloud strategies
Jisc cloud services: helping our members deliver their cloud strategies
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the Matrices
 
Cloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeCloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the Hype
 
Brink sanders cisco architecture keynote
Brink sanders   cisco architecture keynoteBrink sanders   cisco architecture keynote
Brink sanders cisco architecture keynote
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
 
Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 Highlights
 
Garantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio   Damian PrietoGarantice la continuidad de su negocio   Damian Prieto
Garantice la continuidad de su negocio Damian Prieto
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - Presentation
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud security
 
CipherCloud Webinar - Cloud Encryption & Tokenization 101
CipherCloud Webinar - Cloud Encryption & Tokenization 101CipherCloud Webinar - Cloud Encryption & Tokenization 101
CipherCloud Webinar - Cloud Encryption & Tokenization 101
 
Data Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy WorldData Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy World
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Winning Strategy For Hybrid Cloud Environments
Winning Strategy For Hybrid Cloud EnvironmentsWinning Strategy For Hybrid Cloud Environments
Winning Strategy For Hybrid Cloud Environments
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial Services
 
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
 
Cloud Visibility & Cloud Data Loss Prevention Approaches
 Cloud Visibility & Cloud Data Loss Prevention Approaches Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention Approaches
 

Similar to Mapping Controls to ATT&CK Techniques

Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshChristian Posta
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...JamieWilliams130
 
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
Cisco Connect 2018 Indonesia - Delivering intent for data center networking Cisco Connect 2018 Indonesia - Delivering intent for data center networking
Cisco Connect 2018 Indonesia - Delivering intent for data center networking NetworkCollaborators
 
MITRE-Module 5 Slides.pdf
MITRE-Module 5 Slides.pdfMITRE-Module 5 Slides.pdf
MITRE-Module 5 Slides.pdfReZa AdineH
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfReZa AdineH
 
A Partner Overview to ThousandEyes - v1_1_ES.pptx
A Partner Overview to ThousandEyes - v1_1_ES.pptxA Partner Overview to ThousandEyes - v1_1_ES.pptx
A Partner Overview to ThousandEyes - v1_1_ES.pptxThousandEyes
 
NetNordic_DDoS-War-Room_25-april-2019.pptx
NetNordic_DDoS-War-Room_25-april-2019.pptxNetNordic_DDoS-War-Room_25-april-2019.pptx
NetNordic_DDoS-War-Room_25-april-2019.pptxMansurAli32
 
Cisco Powered Presentation - For Customers
Cisco Powered Presentation - For CustomersCisco Powered Presentation - For Customers
Cisco Powered Presentation - For CustomersCisco Powered
 
Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...
Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...
Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...AgileNetwork
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE - ATT&CKcon
 
Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...
Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...
Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...Tuan Yang
 
Realize True Business Value With ThousandEyes
Realize True Business Value With ThousandEyesRealize True Business Value With ThousandEyes
Realize True Business Value With ThousandEyesThousandEyes
 
Market Intelligence Briefing and Government Panel: Cloud Sales Opportunities
Market Intelligence Briefing and Government Panel: Cloud Sales OpportunitiesMarket Intelligence Briefing and Government Panel: Cloud Sales Opportunities
Market Intelligence Briefing and Government Panel: Cloud Sales OpportunitiesimmixGroup
 
"Addressing Corner Cases in Embedded Computer Vision Applications," a Present...
"Addressing Corner Cases in Embedded Computer Vision Applications," a Present..."Addressing Corner Cases in Embedded Computer Vision Applications," a Present...
"Addressing Corner Cases in Embedded Computer Vision Applications," a Present...Edge AI and Vision Alliance
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
A Partner Overview to ThousandEyes - v1_2_DE.pptx
A Partner Overview to ThousandEyes - v1_2_DE.pptxA Partner Overview to ThousandEyes - v1_2_DE.pptx
A Partner Overview to ThousandEyes - v1_2_DE.pptxThousandEyes
 
SMAC _ Can It Maximise Staff and Customer Engagement? RWTS
SMAC _ Can It Maximise Staff and Customer Engagement?  RWTSSMAC _ Can It Maximise Staff and Customer Engagement?  RWTS
SMAC _ Can It Maximise Staff and Customer Engagement? RWTSAirTight Networks
 
Design a strong defense strategy to prevent hackers from evading antivirus so...
Design a strong defense strategy to prevent hackers from evading antivirus so...Design a strong defense strategy to prevent hackers from evading antivirus so...
Design a strong defense strategy to prevent hackers from evading antivirus so...Tuan Yang
 

Similar to Mapping Controls to ATT&CK Techniques (20)

Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
 
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
Cisco Connect 2018 Indonesia - Delivering intent for data center networking Cisco Connect 2018 Indonesia - Delivering intent for data center networking
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
 
MITRE-Module 5 Slides.pdf
MITRE-Module 5 Slides.pdfMITRE-Module 5 Slides.pdf
MITRE-Module 5 Slides.pdf
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdf
 
A Partner Overview to ThousandEyes - v1_1_ES.pptx
A Partner Overview to ThousandEyes - v1_1_ES.pptxA Partner Overview to ThousandEyes - v1_1_ES.pptx
A Partner Overview to ThousandEyes - v1_1_ES.pptx
 
Week2 3
Week2 3Week2 3
Week2 3
 
NetNordic_DDoS-War-Room_25-april-2019.pptx
NetNordic_DDoS-War-Room_25-april-2019.pptxNetNordic_DDoS-War-Room_25-april-2019.pptx
NetNordic_DDoS-War-Room_25-april-2019.pptx
 
Cisco Powered Presentation - For Customers
Cisco Powered Presentation - For CustomersCisco Powered Presentation - For Customers
Cisco Powered Presentation - For Customers
 
Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...
Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...
Agile Gurugram 2023 I Engineering Metrics: Cornerstone for Building High Qual...
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
 
Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...
Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...
Webinar - Prevent Unauthorized Access to Your Systems and Applications with S...
 
Realize True Business Value With ThousandEyes
Realize True Business Value With ThousandEyesRealize True Business Value With ThousandEyes
Realize True Business Value With ThousandEyes
 
Market Intelligence Briefing and Government Panel: Cloud Sales Opportunities
Market Intelligence Briefing and Government Panel: Cloud Sales OpportunitiesMarket Intelligence Briefing and Government Panel: Cloud Sales Opportunities
Market Intelligence Briefing and Government Panel: Cloud Sales Opportunities
 
"Addressing Corner Cases in Embedded Computer Vision Applications," a Present...
"Addressing Corner Cases in Embedded Computer Vision Applications," a Present..."Addressing Corner Cases in Embedded Computer Vision Applications," a Present...
"Addressing Corner Cases in Embedded Computer Vision Applications," a Present...
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
A Partner Overview to ThousandEyes - v1_2_DE.pptx
A Partner Overview to ThousandEyes - v1_2_DE.pptxA Partner Overview to ThousandEyes - v1_2_DE.pptx
A Partner Overview to ThousandEyes - v1_2_DE.pptx
 
SMAC _ Can It Maximise Staff and Customer Engagement? RWTS
SMAC _ Can It Maximise Staff and Customer Engagement?  RWTSSMAC _ Can It Maximise Staff and Customer Engagement?  RWTS
SMAC _ Can It Maximise Staff and Customer Engagement? RWTS
 
Design a strong defense strategy to prevent hackers from evading antivirus so...
Design a strong defense strategy to prevent hackers from evading antivirus so...Design a strong defense strategy to prevent hackers from evading antivirus so...
Design a strong defense strategy to prevent hackers from evading antivirus so...
 

More from MITRE - ATT&CKcon

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesMITRE - ATT&CKcon
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE - ATT&CKcon
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?MITRE - ATT&CKcon
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-TechniquesMITRE - ATT&CKcon
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE - ATT&CKcon
 

More from MITRE - ATT&CKcon (20)

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - January
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have Changed
 
Putting the PRE into ATTACK
Putting the PRE into ATTACKPutting the PRE into ATTACK
Putting the PRE into ATTACK
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis Question
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-Techniques
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - December
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - October
 
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
 

Mapping Controls to ATT&CK Techniques

  • 1. Controls Mapping
      Michael Long, @michaellongii
      MITRE, @MITREattack, #ATTACKcon
      ©2019 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 18-03621-8.
      © 2019 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 19-00696-14
  • 2. Overview
      ▪ Organizations need to implement information security controls
          – NIST SP 800-53, PCI-DSS, CIS Controls
      ▪ Control selection should be driven by threats and vulnerabilities
          – ATT&CK can help!
      ▪ We have challenges:
          – Which controls do we select (and why)?
          – How do our controls map to ATT&CK techniques?
      ▪ Many organizations create ATT&CK → Control mappings
          – How can we as the ATT&CK team help centralize these?
  • 3. ATT&CK-Controls Mapping
      ▪ By mapping ATT&CK to common control frameworks we can:
          – Identify controls that mitigate threats we care about
          – Identify capability gaps
          – Better understand our cybersecurity effectiveness
      NSA Top 10 Mitigation Strategies (columns: Identify, Protect, Detect, Respond, Recover)
          1. Update and Upgrade Software Immediately
          2. Defend Privileges and Accounts
          3. Enforce Signed Software Execution Policies
          4. Exercise a System Recovery Plan
          5. Actively Manage Systems and Configurations
          6. Continuously Hunt for Network Intrusions
          7. Leverage Modern Hardware Security Features
          8. Segregate Networks Using Application-Aware Defenses
          9. Integrate Threat Reputation Services
          10. Transition to Multi-Factor Authentication
      ATT&CK Tactics: Initial Access
      Legend: Identify, Protect, Detect, Respond, Recover
  • 4. Prototype Mappings: ATT&CK-NIST 800-53
      ▪ Our prototype offers two views: Master & Control Family
      ▪ Master View displays the entire ATT&CK-NIST 800-53 mapping
  • 5. Prototype Mappings: ATT&CK-NIST 800-53
      ▪ Our prototype offers two views: Master & Control Family
      ▪ Master View displays the entire ATT&CK-NIST 800-53 mapping
          – 244 NIST 800-53 Controls
      (figure axis label: NIST 800-53 Controls)
  • 6. Prototype Mappings: ATT&CK-NIST 800-53
      ▪ Our prototype offers two views: Master & Control Family
      ▪ Master View displays the entire ATT&CK-NIST 800-53 mapping
          – 244 NIST 800-53 Controls
          – 266 ATT&CK Techniques
      (figure axis labels: NIST 800-53 Controls, ATT&CK Techniques)
  • 7. Prototype Mappings: ATT&CK-NIST 800-53 (Continued)
      ▪ Control Family View lists ATT&CK mapping by Control Families
  • 8. Prototype Mappings: ATT&CK-NIST 800-53 (Continued)
      ▪ Control Family View lists ATT&CK mapping by Control Families
  • 9. Mapping Challenges
      ▪ Mapping criteria
      ▪ Changing control standards
      ▪ Scale
      ▪ Differing configurations and implementations
      ▪ Some organizations have created internal mappings but…
          – Sharing externally can be difficult
          – Results in duplication of effort
          – Hinders collaboration and innovation
  • 10. Our Future Goals
      ▪ Provide a curated source of trusted mappings
          – Support community contributions
      ▪ Develop a flexible mapping data structure
          – Responsive to change
          – Able to scale
      ▪ Present mappings in a user-friendly application
          – Similar to the ATT&CK Navigator
  • 11. Going Forward
      ▪ We need your input!
          – Tell us what types of mappings you want and why
      ▪ Do you want to share an awesome mapping?
          – Let us know!
      ▪ We can only win if we work together
          – Let us know if you want to help
  • 12. attack@mitre.org, @MITREattack, #ATTACKcon
      Michael Long, @michaellongii
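
The two prototype views and the capability-gap use described in the slides, sketched as an added Python example (not MITRE's prototype or its mapping data). The technique-to-control pairings are a small constructed sample, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: ATT&CK technique -> 800-53 controls assumed to mitigate it.
# Illustrative pairings only, not MITRE's published mapping.
MAPPING = {
    "T1078": {"AC-2", "IA-2", "IA-5"},   # Valid Accounts
    "T1110": {"AC-7", "IA-2", "IA-5"},   # Brute Force
    "T1190": {"SC-7", "SI-2"},           # Exploit Public-Facing Application
}
# Accepts base controls and enhancements, e.g. AC-2 or AC-2(1).
CONTROL_RE = re.compile(r"^([A-Z]{2})-(\d+)(?:\((\d+)\))?$")

def family_of(control):
    """Return the control family prefix, rejecting malformed control IDs."""
    m = CONTROL_RE.match(control)
    if not m:
        raise ValueError(f"not a NIST 800-53 control ID: {control!r}")
    return m.group(1)

def master_view(mapping):
    """Whole mapping as a technique x control matrix (True = mapped)."""
    controls = sorted({c for cs in mapping.values() for c in cs})
    rows = {t: [c in mapping[t] for c in controls] for t in sorted(mapping)}
    return controls, rows

def family_view(mapping):
    """Same data regrouped: family -> control -> techniques it addresses."""
    view = defaultdict(lambda: defaultdict(list))
    for technique in sorted(mapping):
        for control in sorted(mapping[technique]):
            view[family_of(control)][control].append(technique)
    return {fam: dict(ctrls) for fam, ctrls in sorted(view.items())}

def capability_gaps(mapping, implemented):
    """Techniques for which none of the mapped controls is implemented."""
    have = set(implemented)
    return sorted(t for t, cs in mapping.items() if not cs & have)

if __name__ == "__main__":
    controls, rows = master_view(MAPPING)
    print("      ", *controls)
    for technique, cells in rows.items():
        print(technique + " ", *[(" x  " if hit else " .  ") for hit in cells])
    print(family_view(MAPPING))
    print("gaps:", capability_gaps(MAPPING, {"AC-2", "IA-2"}))
```

Keeping one technique-to-control dictionary as the source of truth and deriving both views from it means a revised control catalogue only requires changing the data, not the view code.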