As a community, we struggle with how to make threat intelligence actionable. We fall back to indicators of compromise because they’re easy to apply to defenses, but we know we need to track adversary behavior to make our defenses less fragile. MITRE ATT&CK can help. The presenters will explain how you can use ATT&CK to classify adversary behavior and apply that intel to your defenses – and then provide the data to ensure that this process really works. This presentation will start by explaining how you can use ATT&CK to organize the threat intelligence you’re already collecting.
The presenters will walk through examples of how to “extract” ATT&CK techniques from your data, and then suggest ideas for how you can use that intel to prioritize defenses in your organization. Next, the presenters will take the theoretical process and make it real. They will provide an exclusive first look at a rich multi-year data set of confirmed threats based on ATT&CK-mapped detection criteria. The presenters will give an overview of the methodology (including bias and limitations), then discuss what they learned from the data.
Topics covered include the top techniques observed, key technique trends, and how to improve your hunting and detection based on those observations. Attendees will learn how to shift their thinking about threat intel toward tracking behavior and gain perspective on where they should prioritize their detections based on threat intel from years of confirmed threats. Analysts will learn how to structure original reporting in the form of ATT&CK techniques to increase the effectiveness and usability of the products they create for defenders.
Brian Beyer, CEO & Co-Founder, Red Canary
Katie Nickels (@likethecoins), ATT&CK Threat Intelligence Lead, The MITRE Corporation