From ATT&CKcon 4.0
By Alexandrea Berninger, Accenture
We live in a world where attention is scarce. And yet we need to communicate complex information effectively to a variety of audiences. This talk will discuss how to cut through the noise of information overload by using MITRE ATT&CK to reach your audience. It will use lessons I have learned from videography, combined with Cyber Threat Intelligence (CTI) to weave a story around how to think about communicating to your audience when gaining their focus is becoming increasingly difficult. Using current research into focus and attention spans, combined with trends in how people like to obtain information, this talk will recommend paths to building compelling stories with MITRE ATT&CK so that stakeholders can immediately gain value from threat intelligence reports without having to read a full long-form report.
How Microlearning is Having a $2.2 Million Annual Impact at Bloomingdale’s – Human Capital Media
Microlearning has quickly become a hot topic in corporate learning, primarily because conventional learning methods have struggled to meet the demands of the business and the needs of the modern employee. Many organizations are incorporating microlearning into their learning strategy and are seeing incredible results.
In this session, you will learn why Bloomingdale’s decided to break away from conventional practices and try microlearning in 2012—before microlearning was a known term. It will explore the issues the company faced when it was decided to take the organization down the microlearning path and what the dramatic results have been. You will learn from the pitfalls and successes that were encountered along the way. For some, this session will provide a wake-up call for how learning professionals need to adapt their approaches to better meet the needs of a business and its employees. For others, it will help them gain a better perspective on the true benefits of taking a microlearning approach.
In this session, you will learn:
Why Bloomingdale’s took a microlearning approach
What Bloomingdale’s learned during their three-plus year journey with microlearning
The ingredients of an effective microlearning strategy
The results that Bloomingdale’s has achieved: a $2.2 million a year impact
MICROLEARNING SERIES PART 1 MICROLEARNING: THE TRUTH AND THE PROOF – Human Capital Media
Microlearning is a hot topic in the corporate learning and performance space – and the buzz isn’t slowing down. Learning leaders are working quickly to understand the concept, and how it can be applied purposefully to support employees – and ideally – to get business results.
Before an organization takes the leap into microlearning, it’s important to understand the fundamentals first. To be successful, microlearning must be applied in the right way – from the beginning – to achieve sustained results.
In part 1 of our microlearning webinar series, you’ll take away:
An understanding of the fundamentals of microlearning – the truth about what it is, and what it is not
A framework for creating an effective microlearning strategy that gets results
Real-world examples of how global organizations have used microlearning to achieve significant business objectives
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)... – Kimberley Dray
Held February 2019
Annual Privacy and Security Conference
Workshop re: Cybersecurity, Ethics and Careers
Presentation Schedule: https://psv20th.sched.com/event/Jrtl/you-are-the-alpha-and-omega-of-a-secure-future-explore-understand-and-practice-your-role-in-advancing-a-positive-cybersecurity
Jan de Vries - Becoming antifragile is more important than ever in disruptive... – matteo mazzeri
Have you ever wondered why DevOps, Continuous Deployment, canary releases, microservices, chaos engineering and reducing Technical Debt work so well? Why it works at all? These and many other concepts all have one thing in common. They are affected by a hidden force: antifragility.
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins – 44CON
A quick summary of the current state of big data technology and data science approaches used in cyber / network defender security analytics including summary use cases, a walk through of a reference architecture and breakdown of the required skills. Focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. Will then also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01 – TechSoup
Visit http://www.techsoup.org for donated technology for nonprofits and public libraries!
With October 1 kicking off the start of National Cyber Security Awareness Month, we want to make sure you've got the right tools and know-how to keep your nonprofit or library running smoothly and safely online.
Join Symantec's Kelley Bray, who also spent years training government agency staff from TSA to Homeland Security on smart practices for personal safety, office security, and keeping your data and activities protected in our Internet-enabled world.
Key takeaways include:
-- Practical tips you can implement today to make your identity safer online
-- Tangible practices you can adopt for your staff and office to secure your data and website
-- Know-how to identify tricks and scams so you can avoid putting your organization or your constituents at risk
-- And more!
It's a Who, What, Where and Why behind cyber risk in today's modern era - how data breaches happen, why they happen, and what you can do to address them.
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
Dealing with Information Security, Risk Management & Cyber Resilience – Donald Tabone
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o... – Ruth Edmonds
Insight into how cyber criminals prey on your employees to get access to your company's valuable data, and tips and technology that can help you protect yourself. See webinar video here: http://bit.ly/Avatu-how-cybercriminals-exploit-your-employees
The Open Group - ZT Commandments and Reference Model.pptx – Mark Simos
These are the slides from two related sessions at The Open Group conference:
1. Zero Trust Commandments – THE rules of the road
2. Zero Trust Reference Model
-----------------------------------------------
Zero Trust Commandments – THE rules of the road
-----------------------------------------------
Zero Trust is the de-facto standard for modern cybersecurity that helps organizations secure the ‘hybrid of everything’ technical estate spanning IT, OT, IoT, cloud, Artificial Intelligence (AI), data, and more. The Zero Trust Commandments provide THE rules for security and Zero Trust that clearly describe how security aligns to business goals and risks while becoming agile to adapt to continuously changing business requirements, technical platforms, and security threats (including ransomware, nation states, and more).
Come and learn the “what” and “why” of Zero Trust, the Commandments and how they apply to you, your role in your Zero Trust journey, digital business and cloud initiatives, and their impact on resilience and sustainability. Learn how to apply Zero Trust as an essential component of a Sustainable Enterprise as it seeks to adopt the requisite technology in a secure manner.
--------------------------
Zero Trust Reference Model
--------------------------
Zero Trust is the de-facto standard for modern cybersecurity that is being globally adopted by The Open Group, SABSA, NIST, NCRC, the US cybersecurity directive, CISA, CSA, and more. The Zero Trust reference model standard enables you to plan and start Zero Trust by clearly defining the vision and philosophy of Zero Trust, the three-pillar implementation model that integrates Zero Trust into an organization’s processes, as well as defining each capability and architectural building block (ABB) from Security Zones to Adaptive Access to Governance to Security Operations (SecOps/SOC), and more.
Come and learn about the capabilities and building blocks of Zero Trust and how to practically approach its implementation to reduce blast radius of attacks, reduce attack surface, and operate in an assume compromise/breach mode. This will result in an increased ability to block and remove attacker access to your organization’s valuable business assets, increasing your organization's resilience and sustainability. We will also illustrate it in the context of IT and OT, and how it is essential for the sustainable enterprise.
Nikhil and Mark are practitioners and thought leaders who have taken numerous organizations on this journey, lead the Zero Trust Working Group, and are co-authors of this Standard. Learn from their hands-on experience across a myriad of customers and industries.
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk – BeyondTrust
In this presentation from their joint webinar, security experts and trainers at CQURE, Greg Tworek and Mike Jankowski-Lorek, help you put on your hacker cap to better identify dangerous vulnerabilities, strengthen your systems, and STOP the data breaches that litter the news sites today. They will also demonstrate how to exploit systems and how (from the hacker perspective) this can be proactively mitigated.
Catch the full on-demand webinar here:
https://www.beyondtrust.com/resources/webinar/hackers-playbook-think-like-cybercriminal-reduce-risk/?access_code=de936e36f25bb91acaae7593959af3c1
THE IMPERATIVE TO BUILD A RESILIENT AND AGILE ORGANIZATION—ONE MINDSET AT A TIME – Human Capital Media
“Resiliency” and “Agility” are so often discussed yet rarely understood in the context of implementing these skills within organizations. Companies increasingly recognize the need to evolve the organization in order to grow or at least keep pace in a climate where innovation is critical to success—or even survival. But your people don’t know how to unlock their potential.
Why? Human brains aren’t naturally wired to deal with or initiate change. Our cognitive biases hold us back from adapting to the most common disruptions thrust upon us. They also stop us from inciting the kind of innovative thought that ultimately benefits our organizations and ourselves.
These facts of nature are in direct conflict with the realities of your business needs, aren't they?
Fortunately, research has proven we can retrain our brains to be more Resilient and Agile at any age and stage in our career. Join Dr. Casey Mulqueen and David Collins, two behavioral learning experts who’ve helped people develop Adaptive Mindsets all around the world, as they share with you:
What it means to be Resilient and Agile and why it’s critical to develop these skills
Strategies to change individuals’ behavior to positively impact the entire organization
How other companies have employed successful Resiliency and Agility training
Dealing With ATT&CK's Different Levels Of Detail – MITRE ATT&CK
From ATT&CKcon 4.0
By Tareq AlKhatib, Lacework, Inc
"ATT&CK serves as the central language for CTI practitioners, Detection Engineers, Red Teamers, and more. Despite the benefit of having a central language, ATT&CK offers different levels of detail that might be useful for one team but not others. This paper points out some of these differences in the level of details available in ATT&CK, especially from the point of view of Detection Engineers, and focused on detection coverage.
In summary, while ATT&CK does not define the Procedure level of the TTP trinity, it is still useful to define the “Degrees of Freedom” an attacker has within a technique. Some techniques only have a limited number of possible Procedures, some techniques might have more, and others might be so open ended that they offer an unlimited number of possible procedures per technique. We examine this concept on both the Technique and Tactic levels and make the argument that techniques that have a high number of possible Procedures cannot be covered by Detection Engineers.
At the conference, we intend to release an ATT&CK Navigator layer to help Detection Engineers quickly filter out which Tactics and Techniques they need to focus on and which ones they simply cannot cover."
Automating testing by implementing ATT&CK using the Blackboard Architecture – MITRE ATT&CK
From ATT&CKcon 4.0
By Jeremy Straub, NDSU Cybersecurity Institute
This presentation will briefly summarize work that we've done regarding implementing the ATT&CK framework as a rule-fact-action network within a Blackboard Architecture, allowing the ATT&CK framework to enable security testing automation. The presentation will start with a quick summary of the concept behind this and then present a few implementation examples.
I can haz cake: Benefits of working with MITRE on ATT&CK – MITRE ATT&CK
From ATT&CKcon 4.0
By Tim Wadhwa-Brown, Cisco
The purpose of this session will be to look at how the linux-malware repo came to take shape and how we've used it to inform our view on adversarial behaviour over the last couple of years. Since the original reason for starting this project was to look at Linux coverage in ATT&CK, we'll play back some of the interesting points and reflect on how they've affected ATT&CK itself.
CISA usage of ATT&CK in Cybersecurity Advisories – MITRE ATT&CK
From ATT&CKcon 4.0
By James Stanley, CISA
"CISA's Adoption of the MITRE ATT&CK Framework
Over the past several years, CISA has worked to incorporate ATT&CK whenever applicable into our Cybersecurity Advisories and other cyber guidance. It has become the universal language for discussing how the adversary operates, and we leverage it for our stakeholders to respond to urgent events in real time, as well as detailed reports on subjects like our Red Team activities to give network defenders proactive guidance on how to harden their networks."
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!) – MITRE ATT&CK
From ATT&CKcon 4.0
By Scott Small, Tidal Cyber
This metrics- and meme-based lightning session spotlights the success story that is the CTI industry’s impressive (and expanding) adoption of ATT&CK in their products. Using nearly 6 years’ worth of ATT&CK-mapped, public threat reports collected from government, vendor, & independent sources, we’ll show how the rate (and detail) of mapping has increased considerably, while showcasing (anonymized) examples of high-quality end-products, with the aim of inspiring further ATT&CK adoption in this important corner of the field.
Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping – MITRE ATT&CK
From ATT&CKcon 4.0
By Pranusha Somareddy, Lark Health
"By aligning security controls with specific adversary techniques and tactics, organizations can gain a comprehensive understanding of their defensive capabilities. This mapping exercise serves as a vital step in identifying potential gaps and weaknesses within the security architecture. The evaluation of security maturity using the MITRE ATT&CK framework provides valuable insights into the effectiveness of existing controls, shedding light on areas that require improvement or further attention.
In this presentation, we will delve into practical strategies and real-world examples that showcase how organizations can successfully leverage the MITRE ATT&CK framework to enhance their security maturity. We will also explore key topics such as:
(i) Customizing security training and awareness programs based on roles and responsibilities
(ii) Conducting thorough assessments of incident response capabilities through the framework
(iii) Integrating threat intelligence derived from ATT&CK to continuously improve the security posture"
MITRE ATT&CK based Threat Analysis for Electronic Flight Bag – MITRE ATT&CK
From ATT&CKcon 4.0
By Ozan Olali, IBM Security
The Electronic Flight Bag (EFB) has become an indispensable tool in modern aviation, providing pilots with digital resources and critical flight information. However, the increased reliance on EFB systems running on general-purpose operating systems introduces various security challenges. In this session, a technical assessment approach using the MITRE ATT&CK framework to perform a comprehensive threat analysis of an EFB solution will be presented. The potential attack vectors and their relation to the risks for business and flight operations will be demonstrated.
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry – MITRE ATT&CK
From ATT&CKcon 4.0
By Adam Ostrich and Jesse Brown, Red Canary
"Endpoint Detection & Response (EDR) telemetry offers defenders a powerful tool for catching threats. However, understanding how to validate ATT&CK technique coverage using EDR telemetry can be a challenge. As Detection Validation Engineers at a Managed Detection & Response (MDR) provider that ingests nearly a petabyte of endpoint telemetry every day, we’re in the unique and necessary position to analyze this telemetry at scale and validate its efficacy against common adversary tradecraft.
After providing a brief introduction to EDR telemetry, we’ll discuss how to break ATT&CK techniques down to individual data components, perform functional tests, analyze the ways that specific actions translate to telemetry records, and compare this analysis across different EDR sensors. We’ll discuss the tooling we’ve built to assist us in running these tests and analyzing the resulting telemetry, and we’ll explain how security teams can improve their own functional testing efforts by creating an automated validation workflow. Finally, we’ll describe how this approach has enabled us to more effectively understand and use EDR telemetry, highlighting where this telemetry excels and fails at detecting ATT&CK techniques."
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS – MITRE ATT&CK
From ATT&CKcon 4.0
By Marina Liang
"LABYRINTH CHOLLIMA is a prolific Democratic People's Republic of Korea (DPRK) nexus adversary focused on cyber espionage. They have been recently observed targeting FinTech (financial technology) companies in cryptocurrency revenue generation efforts. LABYRINTH CHOLLIMA has been associated with many high profile attacks, including the Sony Pictures Entertainment (SPE) breach, the WannaCry 2.0 global surge, and most recently, the 3CX supply chain compromise. Increasingly versed in cross-platform intrusions, LABYRINTH CHOLLIMA has been observed targeting macOS operating systems, and evolving their tactics, techniques, and tooling to keep in lockstep with the evolving security landscape.
This talk will take a deep dive into the interactive macOS intrusions CrowdStrike has attributed to LABYRINTH CHOLLIMA. We will delve into the adversary's macOS tradecraft, techniques to circumvent existing OS protections, and social engineering tactics, while showcasing how their mechanisms and tooling map to the MITRE ATT&CK kill chain, featuring some newly proposed MITRE techniques related to the Transparency, Consent, and Control (TCC) database."
Using ATT&CK to create wicked actors in real data - MITRE ATT&CK
From ATT&CKcon 4.0
By Simeon Kakpovi and Greg Schloemer, KC7 Foundation
"KC7 uses an experiential learning pedagogy to teach cybersecurity analysis to students of all levels, from elementary school all the way to industry professionals. In the KC7 experience, students analyze realistic cybersecurity data and answer a series of CTF-style questions that guide them through an investigative journey.
In order to generate authentic intrusion data, we create a fictional company that is attacked by cyber threat actors. The attributes and behaviors of these actors are defined via yaml configurations that are modeled based on MITRE ATT&CK categories and techniques. For example, we can granularly define what techniques an attacker uses for initial access or lateral movement, and how the actor explicitly uses those techniques.
Students that effectively analyze KC7 intrusion data can map the observed activity to the various stages of the MITRE ATT&CK framework. Organizing actor definitions around the ATT&CK framework allows KC7 to create a rich set of intrusion data in various permutations, and ensures that students are exposed to a diverse array of scenarios. A pleasant byproduct of this methodology is that students of MITRE ATT&CK can now study techniques contextually in data rather than just reading about them in reports."
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of... - MITRE ATT&CK
From ATT&CKcon 4.0
By Olaf Harton, FalconForce
"Modern security teams have been engineering solid detections for a while now. All this great output also needs to be managed well.
* How can we make sure that the detections we have spent a lot of time developing are deployed and are running in production in the same way as they were designed?
* How can we assure our detection and prevention controls are still working and are detecting the attacks they have been designed to cover?
We will show how we have built a robust and flexible development and deployment process using cloud technologies. This process allows us to quickly and easily implement new detection controls, test them across multiple environments, and deploy them in a controlled and consistent manner.
We will discuss how security teams can reap the benefits of using detection-as-code, and how this can help achieve a single source of truth for their detection logic. Adopting this approach enables teams to use automation and unit testing to manage and validate their detection controls across multiple environments and ensure proper documentation. By adopting a detection-as-code approach, teams can gain the confidence that comes from knowing that their detections and mitigations work as intended."
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build... - MITRE ATT&CK
From ATT&CKcon 4.0
By Scott Roberts, Interpres Security
"Building threat intelligence is challenging, even under the most ideal circumstances. But what if you are even more limited in your resources? You are part of a small (but skilled) team, with high expectations, and people are relying on you to make business-critical decisions…all the time! What do you do in that situation? Turn a Toyota Tercel into a tank, of course.
The Interpres Security threat intelligence team found itself in that exact situation. Wanting to leverage the MITRE ATT&CK catalog in creating a comprehensive and timely threat intelligence repository, the Interpres team built a series of tools, processes, and paradigms that we call Intelligence Engineering. In this talk, we’ll examine how we combined ATT&CK, STIX2, the Vertex Project’s open-source intelligence platform, Synapse, and custom code to deliver meaningful, rapid, verifiable intelligence to our customers. We’ll share lessons learned on automation, how to run multiple ATT&CK libraries side-by-side, and making programmatic intelligence delivery scalable and effective – just like building a tank out of an imported sedan."
Discussion on Finding Relationships in Cyber Data - MITRE ATT&CK
From ATT&CKcon 4.0
By Stephen Johnson and Emma MacMullan, Capital One
Capital One is currently building a Security Graph to tie together various Cyber Teams and their data: Controls, Objectives, Tools, Countermeasures, and Threats. It is an ambitious project that will help us identify gaps and focus our controls on the most likely and persistent threats. It is a work in progress that uses MITRE ATT&CK and D3FEND as a "lingua franca" to tie together the elements of the graph, so we have a common understanding across the enterprise.
8. Losing our ability to focus
Engagement-based algorithms, from smartphones to social media, have rewired our 'collective' brain:
• Rapidly changing content and constant interruptions reduce our capacity to pay attention
• The average person checks their email 74 times a day
9. Digital Reading – According to the Research
Reading from screens has a negative effect on reading performance relative to reading from paper:
• Skimming
• Searching for important call-outs
• Hyperlinks
• Loss of comprehension
10. We are now losing "our ability to read long texts…our cognitive patience…[and] the stamina and the ability to deal with cognitively challenging texts."
– Dr. Anne Mangen, Professor of Literacy
11. Graph Credit: Scott Small, Director of Cyber Threat Intelligence, Tidal Cyber
12. Navigating the Attention Economy
"A wealth of information creates a poverty of attention."
• BLUF: the single most important piece of information
• Knowing what NOT to include
• Writing to your audience
14. Let’s look outside of CTI
Video
• Tweets with video get 10x more engagement, 5x more replies, 2.8x more retweets and 1.9x more likes
• Viewers retain 95% of a marketing message when they watch it in a video, compared to 10% in text
Images
• Tweets with images are 150% more likely to be shared than text-only tweets
• Our brain processes images 60,000 times faster than text
Infographics
• Use of infographics results in a 65%–100% increase in average session duration
• Infographics can increase depth of scroll by up to 317%
16. Goals of Every Intelligence Product
• Easy to digest
• Different venues
• Solutions and mitigations
18. Utilizing ATT&CK to Reduce Cognitive Load
• Research and analysis tool
• Use tables to minimize 'searching' for techniques in long paragraphs
• Rethink ATT&CK as an infographic
• Simplify the table to reach your audience
19. AUDIENCE - DETECTION
FOCUS: where detections occur in the attack chain and where the gaps occur
• Behavioral analytics and hunting rules to the forefront of any intelligence product
• Use MITRE ATT&CK to standardize the story
(Diagram: attack chain Initial Access (T1566) → Execution (T1059) → Lateral Movement (T1021) → Impact (T1486), with Detection markers at Initial Access and Execution.)
20. AUDIENCE - MITIGATION
FOCUS: Connect the campaign to security controls and provide specific mitigations that can be implemented
• ATT&CK Navigator to create a heat map of threat techniques
• Security hardening recommendations are at the forefront of the intelligence product
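Slides 18 through 20 ask for three things from the same campaign data: a technique table instead of paragraphs, an attack chain annotated with detections and gaps, and a Navigator heat map for the mitigation audience. The script below is an added example, not code from the talk or from MITRE, that builds all three from one list of observed techniques. The four techniques are the ones in the slide-19 chain; their detection status, the analytic names, the colours and the `versions` numbers in the layer are assumed for illustration. The Navigator layer fields used (`techniqueID`, `tactic`, `score`, `color`, `comment`, `legendItems`) are the standard layer-format fields, but the version numbers should be set to match the Navigator instance you load the layer into.

```python
"""
Added example (not from the talk or from MITRE): turn the techniques observed
in a campaign into three audience-specific products from slides 18-20:
a one-line BLUF, a compact per-tactic coverage table for the detection
audience, and an ATT&CK Navigator layer (JSON) that the mitigation audience
can load as a heat map.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Observed:
    technique_id: str
    name: str
    tactic: str         # Navigator tactic slug, e.g. "initial-access"
    detected: bool      # does an existing analytic or hunting rule fire on it?
    analytic: str = ""  # name of that analytic, if any


# Constructed sample input: the four techniques from the slide-19 attack
# chain, in kill-chain order. Detection status and analytic names are
# assumed for illustration, not taken from the talk.
CAMPAIGN = [
    Observed("T1566", "Phishing", "initial-access", True, "Office spawns script host"),
    Observed("T1059", "Command and Scripting Interpreter", "execution", True, "Encoded PowerShell"),
    Observed("T1021", "Remote Services", "lateral-movement", False),
    Observed("T1486", "Data Encrypted for Impact", "impact", False),
]


def gaps(observed):
    """Technique IDs observed in the campaign that no analytic covers."""
    return [o.technique_id for o in observed if not o.detected]


def bluf(observed):
    """The single most important sentence, for the top of the product."""
    missing = gaps(observed)
    if not missing:
        return f"All {len(observed)} observed techniques are covered by existing detections."
    return (f"{len(missing)} of {len(observed)} observed techniques have no detection: "
            + ", ".join(missing) + ".")


def coverage_rows(observed):
    """(tactic, technique, status) rows in kill-chain order: one line per
    technique replaces hunting for IDs inside long paragraphs."""
    rows = []
    for o in observed:
        status = f"DETECTED ({o.analytic})" if o.detected else "GAP"
        rows.append((o.tactic.replace("-", " ").upper(),
                     f"{o.technique_id} {o.name}", status))
    return rows


def render_table(rows):
    """Fixed-width text table that survives e-mail and chat clients."""
    widths = [max(len(r[i]) for r in rows) for i in range(3)]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)) for r in rows)


def navigator_layer(observed, name="Campaign coverage"):
    """ATT&CK Navigator layer with observed techniques scored so that gaps
    stand out. Field names follow the Navigator layer format; the version
    numbers are assumed and must match the Navigator instance in use."""
    techniques = []
    for o in observed:
        techniques.append({
            "techniqueID": o.technique_id,
            "tactic": o.tactic,
            "score": 100 if not o.detected else 25,
            "color": "#c62828" if not o.detected else "#2e7d32",
            "comment": ("No detection; prioritize mitigation" if not o.detected
                        else f"Detected by: {o.analytic}"),
        })
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},  # assumed
        "domain": "enterprise-attack",
        "description": bluf(observed),
        "techniques": techniques,
        "legendItems": [
            {"label": "Observed, no detection", "color": "#c62828"},
            {"label": "Observed, detected", "color": "#2e7d32"},
        ],
    }


if __name__ == "__main__":
    print(bluf(CAMPAIGN))
    print()
    print(render_table(coverage_rows(CAMPAIGN)))
    print()
    print(json.dumps(navigator_layer(CAMPAIGN), indent=2))
```

Running it prints the BLUF first (here, that two of four observed techniques have no detection), then the four-row table for the detection audience, then the layer JSON, which can be saved to a file and opened in Navigator with "Open Existing Layer" so the mitigation audience sees the gaps as the darkest cells. The `description` field carries the same BLUF, so the one sentence that matters travels with the heat map.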
21. AUDIENCE - STRATEGIC
FOCUS: Security investments and risks to the business
• The strategic audience likely has the most limited time, attention, and focus
• ATT&CK as a research tool, and to identify specific areas of risk and needed security spending
23. KEY TAKEAWAYS
Think about your audience:
• There’s a variety of communication mechanisms, from video to social media to white papers
• Who is your audience?
• What will resonate with your audience?
24. KEY TAKEAWAYS
Identify the “so-what”:
• Bring the ‘so-what’ to the front of the intelligence product
• Consumers should be able to effectively digest and action the information