#CyberThreat19: How to Make a Start Using Attack Frameworks

Frameworks like the MITRE ATT&CK matrix are not just for large enterprises: businesses large and small can use them to better protect themselves and to categorize attackers.



Speaking at the SANS Cyber Threat conference in London, Katie Nickels, MITRE ATT&CK threat intelligence lead and SANS Instructor, said that people have often heard of MITRE ATT&CK but are not sure what it is and don’t know where to start with it.



Using an imagined company under attack as her example, Nickels said that teams will often see an active attack, search for details and block based on the attacker's tactics, techniques and procedures (TTPs), but this does not account for a change in behavior by the attacker.



Nickels said that too often, a lack of a framework can lead to a breakdown in communications and collaboration between different parts of a company and security team. “You should communicate your confidence level as you can never be sure how secure you are,” she argued, recommending using a traffic light and shades of color system for confidence levels. “You can never be 100% confident as adversaries change behaviors.”



She recommended integrating teams, as “each team has something another team needs – knowledge on adversaries and tactics and what threats are, and capabilities and attack tactics.”



She also advised starting where you can, even if this is with emails, Excel or with a ticketing system. “Overlay detections and threats in your framework, what groups are known to use this technique and map different teams to an attack.”
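The "start where you can" overlay she describes can be done with two spreadsheets. The following is an added example, not code from the talk or from MITRE: it reads a constructed detections sheet and a constructed group-to-technique sheet, rates each technique a group is known to use with the traffic-light confidence of the best detection covering it (red where nothing covers it), and rejects confidence values outside the scheme. The technique IDs are real ATT&CK identifiers; the detection names, their ratings and the group name `EXAMPLE-GROUP` are placeholders, not ATT&CK knowledge-base content.

```python
"""Overlay detection coverage onto the ATT&CK techniques a group is known to use."""
import csv
import io
from collections import defaultdict

# Traffic-light confidence scale, lowest to highest.
CONFIDENCE_RANK = {"red": 0, "amber": 1, "green": 2}

# Constructed sample sheet: one row per detection, the technique it maps to,
# and how confident the team is in that detection (placeholder ratings).
DETECTIONS_CSV = """\
detection,technique_id,confidence
Encoded PowerShell command line,T1059.001,green
PowerShell launched by unusual parent,T1059.001,amber
Office process spawning a shell,T1566.001,amber
New scheduled task created,T1053.005,amber
"""

# Constructed sample sheet: techniques a (placeholder) group is known to use.
GROUP_TECHNIQUES_CSV = """\
group,technique_id
EXAMPLE-GROUP,T1566.001
EXAMPLE-GROUP,T1059.001
EXAMPLE-GROUP,T1053.005
EXAMPLE-GROUP,T1003.001
"""


def load_detections(csv_text):
    """Return technique_id -> [(detection, confidence)], rejecting unknown ratings."""
    by_technique = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        rating = row["confidence"].strip().lower()
        if rating not in CONFIDENCE_RANK:
            raise ValueError(f"unknown confidence {rating!r} on {row['detection']!r}")
        by_technique[row["technique_id"].strip()].append((row["detection"].strip(), rating))
    return dict(by_technique)


def load_group_techniques(csv_text):
    """Return group -> set of technique IDs the group is recorded as using."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[row["group"].strip()].add(row["technique_id"].strip())
    return dict(groups)


def overlay(group, detections, group_techniques):
    """For each technique the group uses, give the best confidence we hold
    (red when no detection maps to it) and the detections that apply."""
    result = {}
    for tid in sorted(group_techniques.get(group, ())):
        hits = detections.get(tid, [])
        best = max((c for _, c in hits), key=CONFIDENCE_RANK.get, default="red")
        result[tid] = {"confidence": best, "detections": [name for name, _ in hits]}
    return result


def summarize(overlay_result):
    """Count techniques per confidence level; the red count is the gap list."""
    counts = {level: 0 for level in CONFIDENCE_RANK}
    for entry in overlay_result.values():
        counts[entry["confidence"]] += 1
    return counts


if __name__ == "__main__":
    dets = load_detections(DETECTIONS_CSV)
    groups = load_group_techniques(GROUP_TECHNIQUES_CSV)
    view = overlay("EXAMPLE-GROUP", dets, groups)
    for tid, entry in view.items():
        names = ", ".join(entry["detections"]) or "(no detection)"
        print(f"{tid:10} {entry['confidence']:6} {names}")
    print(summarize(view))
```

Taking the highest-rated detection per technique keeps the picture honest in the direction the talk warns about: a technique is never rated green just because several weak detections touch it, and a technique with no detection at all shows as red rather than disappearing from the sheet.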



Start by building up a library of atta ..
