This presentation was originally made for HTCIA on May 5, 2021.
The MITRE ATT&CK framework offers the promise of durable indicators of cyber attacks. Unlike threat intelligence, which tends to have a short shelf life, many of the TTPs in ATT&CK are difficult for attackers to avoid. The value of these indicators was demonstrated in the SolarWinds and Hafnium attacks, but they apparently did not play a key role in initial discovery. The presentation will examine the ATT&CK framework from the perspective of using it for real-time detection and alerting, describe the associated challenges, and reveal capabilities that can help defenders successfully apply the framework to detect advanced threats.
Presented by Hoke Smith, Vice President, Cybersecurity
Hoke is Vice President, Cybersecurity at Nuix, specializing in endpoint security. Based in Herndon, Virginia, Mr. Smith has more than 20 years' experience working with commercial and government organizations on a wide variety of complex challenges, including endpoint security, insider threat, identity correlation, and quantitative analytics.