MA
Uploaded byMITRE ATT&CK
239 views

Updates from the Center for Threat-Informed Defense

The Center for Threat-Informed Defense conducts collaborative cybersecurity research projects to improve defenses. It has a global membership of sophisticated organizations committed to public interest research. Recent projects include emulation plans for the OceanLotus adversary and evaluating analytic dependencies. Upcoming work includes mappings of security controls to techniques and guidance for threat modeling with ATT&CK. The Center aims to advance the field through an open community approach.

Embed presentation

Downloaded 53 times
Updates from the Center for Threat-Informed Defense October 25, 2023 © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
The Center for Threat-InformedDefense conducts collaborative R&D projects that improve cyber defense at scale + Membership is: q Highly-sophisticated q Global & cross-sector q Non-governmental Committed to collaborative R&D in the public interest Intel (logo pending) 36 © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
© 2023 MITRE Engenuity. Approved for public release. Document number CT0086 Arepeatable,scalable,approachtoR&D built on member-powered collaboration Systematically identify challenges Develop solutions together
R&D Problem Areas Cyber Threat Intelligence Increase operational effectiveness of threat-intel products and advance the global understanding of adversary behaviors. Test & Evaluation Bring the adversary perspective to test and evaluation to understand defensive posture. Defensive Measures Systematically advance our ability to detect and prevent adversary behaviors. Center R&D is made freely-available globally © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
What have we done lately? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086 ATT&CK Integration into VERIS April 6 ATT&CK Sync May 25 CTI Blueprints June 13 NIST 800-53 Mappings Update June 14 ATT&CK Workbench August 15 TRAM II August 29 Attack Flow 2.1 August 31 Summiting the Pyramid September 13 OceanLotus Adversary Emulation Plan October 12 Sensor Mappings to ATT&CK December 14 R&D Roadmap Blog R&D Publications Annual Impact Report
Problem Threat intel reporting shows that adversaries are increasingly targeting macOS and Linux systems, and there are no public adversary emulation plans for macOS and Linux. Solution We have created an emulation plan for OceanLotus that starts on macOS and ends on a Linux host with explicit defensive telemetry for a full scope purple teaming perspective. Impact This is the first emulation plan released publicly that enables a purple team operation on macOS and Linux, providing visibility into environments inaccessible with current prior resources. OceanLotus Adversary Emulation Plan © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
Summiting the Pyramid Pyramid of Pain via David Bianco Show me mimikatz! Show me accesses of credentials in memory! Problem Adversaries can easily evade cyber analytics that are dependent on specific tools or artifacts. Solution Create and apply a methodology to evaluate the dependencies inside analytics and make them more robust by focusing on adversary behaviors. Impact Shift the advantage towards defenders with improved analytics that catch adversaries even as they evolve and detect future campaigns. Summiting the Pyramid © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
Cyber Threat Intel • Insider Threat TTP Knowledge Base v2 Advance our collective understanding of insider threats • Sightings Ecosystem II Allow defenders to make data-driven decisions Defensive Measures • Measure, Maximize, and Mature Threat-Informed Defense (M3TID) Standardize measurements of defensive ability against adversary behavior and prioritize which adversary behaviors to defend against • Mappings Explorer Explore mapped security controls from the perspective of the ATT&CK techniques they mitigate • Sensor Mappings to ATT&CK What sensors help me find evidence of the adversary’s activity? What are we doing now? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
More Mappings • What TTPs do M365 security controls mitigate? • Revise CVE to ATT&CK for Impact looking at CISA KEV list Build upon Attack Flow • Make it easy to visualize Attack Flows for a variety of use cases • Analyze collections of Attack Flows to “predict” next and previous TTP for threat-hunting and incident analysis Cyber Threat Intel • Create guidance for threat modeling with ATT&CK • Create a singular view of TTPs for OT Advance Secure AI • Document known threats to AI systems • Research into AI red teaming & threat mitigation What’s up next? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
© 2023 MITRE Engenuity. Approved for public release. Document number CT0086 An R&D organization • Explore new areas like AI, Insider Threat, OT, Risk, … • With a threat-informed approach Focused on impact • Publish foundational resources • Increase accessibility of R&D products Building a global community • EU ATT&CK Community Workshop – May 23 – 24, 2024 • Asia Pacific ATT&CK Community Workshop – Stay tuned for more What’s on the horizon? Our mission: advance the state of the art and the state if the practice in threat-informed defense globally.
How do we scale threat-informed defense? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
It takes community © 2023 MITRE Engenuity. Approved for public release. Document number CT0086 Enable the global community to advance public interest cybersecurity programs through charitable giving. Benefactors are globally recognized for supporting independent research in the public interest. Participants Benefactors Community Participants drive the R&D program with active engagement and funding Benefactors support independent research in the public interest Global adoption leads to impact. Your use cases enable improvement
Changing the game on the adversary requires a community-wide approach. You play a critical role! Join us and change the game! © 2023 MITRE Engenuity. Approved for public release. Document number CT0086 Follow us on LinkedIn for the latest updates: https://www.linkedin.com/showcase/center-for-threat-informed-defense/ Learn how your organization can get involved

More Related Content

PDF
Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
byMITRE ATT&CK
 
PDF
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
byMITRE ATT&CK
 
PDF
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
byMITRE ATT&CK
 
PDF
Grow Up! Evaluating and Maturing Your SOC using MITRE ATT&CK
byMITRE ATT&CK
 
PDF
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
byMITRE ATT&CK
 
PDF
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
byMITRE ATT&CK
 
PDF
One Leg to Stand on: Adventures in Adversary Tracking with ATT&CK
byMITRE ATT&CK
 
PDF
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
byMITRE ATT&CK
 
Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
byMITRE ATT&CK
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
byMITRE ATT&CK
 
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
byMITRE ATT&CK
 
Grow Up! Evaluating and Maturing Your SOC using MITRE ATT&CK
byMITRE ATT&CK
 
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
byMITRE ATT&CK
 
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
byMITRE ATT&CK
 
One Leg to Stand on: Adventures in Adversary Tracking with ATT&CK
byMITRE ATT&CK
 
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
byMITRE ATT&CK
 

What's hot

PDF
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
PDF
.LNK Tears of the Kingdom
byMITRE ATT&CK
 
PDF
CISA usage of ATT&CK in Cybersecurity Advisories
byMITRE ATT&CK
 
PDF
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
byMITRE ATT&CK
 
PDF
MITRE ATT&CK based Threat Analysis for Electronic Flight Bag
byMITRE ATT&CK
 
PDF
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
byMITRE ATT&CK
 
PDF
Cloud Native Workload ATT&CK Matrix
byMITRE ATT&CK
 
PPTX
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
PDF
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
PDF
Sharpening your Threat-Hunting Program with ATTACK Framework
byMITRE - ATT&CKcon
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PDF
When Insiders ATT&CK!
byMITRE ATT&CK
 
PDF
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
 
PDF
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
PDF
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
 
PDF
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
byCODE BLUE
 
PDF
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
PDF
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
byMITRE ATT&CK
 
PDF
The ATT&CK Philharmonic
byMITRE ATT&CK
 
PDF
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
byMITRE ATT&CK
 
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
.LNK Tears of the Kingdom
byMITRE ATT&CK
 
CISA usage of ATT&CK in Cybersecurity Advisories
byMITRE ATT&CK
 
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
byMITRE ATT&CK
 
MITRE ATT&CK based Threat Analysis for Electronic Flight Bag
byMITRE ATT&CK
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
byMITRE ATT&CK
 
Cloud Native Workload ATT&CK Matrix
byMITRE ATT&CK
 
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
Sharpening your Threat-Hunting Program with ATTACK Framework
byMITRE - ATT&CKcon
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
When Insiders ATT&CK!
byMITRE ATT&CK
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
 
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
byCODE BLUE
 
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
byMITRE ATT&CK
 
The ATT&CK Philharmonic
byMITRE ATT&CK
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
byMITRE ATT&CK
 

Similar to Updates from the Center for Threat-Informed Defense

PDF
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
PPTX
Purple Teaming with ATT&CK - x33fcon 2018
byChristopher Korban
 
PDF
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
byKatie Nickels
 
PPTX
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
byChristopher Korban
 
PDF
Cyber Threat hunting workshop
byArpan Raval
 
PPTX
ATT&CKing with Threat Intelligence
byChristopher Korban
 
PDF
MITRE Engenuity Center for Threat Informed Defense Impact Report 2022.pdf
byAdamAzrylJohan
 
PDF
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
byJamieWilliams130
 
PDF
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
PPTX
Cyber securityIntroduction-to-MITRE-DEFEND.pptx
bymettleatchu
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
byMITRE - ATT&CKcon
 
PDF
Introduction to MITRE’s ATT&CK Framework.pdf
byseyohah504
 
PDF
distinguishing-threat-actors-vectors-and-intelligence-sources-slides.pdf
byDoctorGarcia1
 
PDF
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
byPriyanka Aash
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CK framework and Managed XDR Position Paper
byMarc St-Pierre
 
PDF
(SACON) Wayne Tufek - chapter five - attacks
byPriyanka Aash
 
PDF
Creating apt targeted threat feeds for your industry
byKeith Chapman
 
PDF
MITRE ATT&CKcon 2.0: ATT&CK Updates - Sightings; John Wunder, MITRE
byMITRE - ATT&CKcon
 
PDF
[Bucharest] Attack is easy, let's talk defence
byOWASP EEE
 
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
Purple Teaming with ATT&CK - x33fcon 2018
byChristopher Korban
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
byKatie Nickels
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
byChristopher Korban
 
Cyber Threat hunting workshop
byArpan Raval
 
ATT&CKing with Threat Intelligence
byChristopher Korban
 
MITRE Engenuity Center for Threat Informed Defense Impact Report 2022.pdf
byAdamAzrylJohan
 
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
byJamieWilliams130
 
Using the MITRE ATT&CK framework to analyze real-world cyberattacks
bylucytyrteos
 
Cyber securityIntroduction-to-MITRE-DEFEND.pptx
bymettleatchu
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
byMITRE - ATT&CKcon
 
Introduction to MITRE’s ATT&CK Framework.pdf
byseyohah504
 
distinguishing-threat-actors-vectors-and-intelligence-sources-slides.pdf
byDoctorGarcia1
 
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
byPriyanka Aash
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
byMITRE - ATT&CKcon
 
MITRE ATT&CK framework and Managed XDR Position Paper
byMarc St-Pierre
 
(SACON) Wayne Tufek - chapter five - attacks
byPriyanka Aash
 
Creating apt targeted threat feeds for your industry
byKeith Chapman
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - Sightings; John Wunder, MITRE
byMITRE - ATT&CKcon
 
[Bucharest] Attack is easy, let's talk defence
byOWASP EEE
 

More from MITRE ATT&CK

PDF
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
PDF
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
PDF
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
PDF
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Software - Jared Ondricek
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
PDF
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
PDF
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
PDF
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
PDF
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
PDF
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
PDF
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
PDF
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
PDF
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
PDF
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
PDF
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 
PDF
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Software - Jared Ondricek
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 

Recently uploaded

PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
December Patch Tuesday
byIvanti
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
The year in review - MarvelClient in 2025
bypanagenda
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 

Updates from the Center for Threat-Informed Defense

  • 1.
    Updates from the Centerfor Threat-Informed Defense October 25, 2023 © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 2.
    The Center forThreat-InformedDefense conducts collaborative R&D projects that improve cyber defense at scale + Membership is: q Highly-sophisticated q Global & cross-sector q Non-governmental Committed to collaborative R&D in the public interest Intel (logo pending) 36 © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 3.
    © 2023 MITREEngenuity. Approved for public release. Document number CT0086 Arepeatable,scalable,approachtoR&D built on member-powered collaboration Systematically identify challenges Develop solutions together
  • 4.
    R&D Problem Areas CyberThreat Intelligence Increase operational effectiveness of threat-intel products and advance the global understanding of adversary behaviors. Test & Evaluation Bring the adversary perspective to test and evaluation to understand defensive posture. Defensive Measures Systematically advance our ability to detect and prevent adversary behaviors. Center R&D is made freely-available globally © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 5.
    What have wedone lately? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086 ATT&CK Integration into VERIS April 6 ATT&CK Sync May 25 CTI Blueprints June 13 NIST 800-53 Mappings Update June 14 ATT&CK Workbench August 15 TRAM II August 29 Attack Flow 2.1 August 31 Summiting the Pyramid September 13 OceanLotus Adversary Emulation Plan October 12 Sensor Mappings to ATT&CK December 14 R&D Roadmap Blog R&D Publications Annual Impact Report
  • 6.
    Problem Threat intel reportingshows that adversaries are increasingly targeting macOS and Linux systems, and there are no public adversary emulation plans for macOS and Linux. Solution We have created an emulation plan for OceanLotus that starts on macOS and ends on a Linux host with explicit defensive telemetry for a full scope purple teaming perspective. Impact This is the first emulation plan released publicly that enables a purple team operation on macOS and Linux, providing visibility into environments inaccessible with current prior resources. OceanLotus Adversary Emulation Plan © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 7.
    Summiting the Pyramid Pyramidof Pain via David Bianco Show me mimikatz! Show me accesses of credentials in memory! Problem Adversaries can easily evade cyber analytics that are dependent on specific tools or artifacts. Solution Create and apply a methodology to evaluate the dependencies inside analytics and make them more robust by focusing on adversary behaviors. Impact Shift the advantage towards defenders with improved analytics that catch adversaries even as they evolve and detect future campaigns. Summiting the Pyramid © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 8.
    Cyber Threat Intel •Insider Threat TTP Knowledge Base v2 Advance our collective understanding of insider threats • Sightings Ecosystem II Allow defenders to make data-driven decisions Defensive Measures • Measure, Maximize, and Mature Threat-Informed Defense (M3TID) Standardize measurements of defensive ability against adversary behavior and prioritize which adversary behaviors to defend against • Mappings Explorer Explore mapped security controls from the perspective of the ATT&CK techniques they mitigate • Sensor Mappings to ATT&CK What sensors help me find evidence of the adversary’s activity? What are we doing now? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 9.
    More Mappings • WhatTTPs do M365 security controls mitigate? • Revise CVE to ATT&CK for Impact looking at CISA KEV list Build upon Attack Flow • Make it easy to visualize Attack Flows for a variety of use cases • Analyze collections of Attack Flows to “predict” next and previous TTP for threat-hunting and incident analysis Cyber Threat Intel • Create guidance for threat modeling with ATT&CK • Create a singular view of TTPs for OT Advance Secure AI • Document known threats to AI systems • Research into AI red teaming & threat mitigation What’s up next? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 10.
    © 2023 MITREEngenuity. Approved for public release. Document number CT0086 An R&D organization • Explore new areas like AI, Insider Threat, OT, Risk, … • With a threat-informed approach Focused on impact • Publish foundational resources • Increase accessibility of R&D products Building a global community • EU ATT&CK Community Workshop – May 23 – 24, 2024 • Asia Pacific ATT&CK Community Workshop – Stay tuned for more What’s on the horizon? Our mission: advance the state of the art and the state if the practice in threat-informed defense globally.
  • 11.
    How do wescale threat-informed defense? © 2023 MITRE Engenuity. Approved for public release. Document number CT0086
  • 12.
    It takes community ©2023 MITRE Engenuity. Approved for public release. Document number CT0086 Enable the global community to advance public interest cybersecurity programs through charitable giving. Benefactors are globally recognized for supporting independent research in the public interest. Participants Benefactors Community Participants drive the R&D program with active engagement and funding Benefactors support independent research in the public interest Global adoption leads to impact. Your use cases enable improvement
  • 13.
    Changing the gameon the adversary requires a community-wide approach. You play a critical role! Join us and change the game! © 2023 MITRE Engenuity. Approved for public release. Document number CT0086 Follow us on LinkedIn for the latest updates: https://www.linkedin.com/showcase/center-for-threat-informed-defense/ Learn how your organization can get involved