Mitre ATT&CK presentation at Cyberförsvarsdagen 2019 by Mattias Almeflo from Nixu. https://soff.se/event/cyberforsvarsdagen-2019/
Size: 2.38 MB
Language: en
Added: Feb 18, 2019
Slides: 27 pages
Slide Content
Mitre ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge
15 min
From the little individual to the big government agency
Alternative title:
ATT&CK – a modern IT security framework
NIXU PUBLIC | NOT EXPORT CONTROLLED | CUSTOMER UNCLASSIFIED
Mattias Almeflo, 5.2.2019
Slide 3
The Security Engineer
Timeline: 2010, 2016, 2017, 2018
• Systems Integrator | Information Security Architect | Team Leader
• IT security, Systems Engineering, Team Leader
• Principal Security Consultant
• Senior Information Security Architect
• Specializing in military security frameworks
• Team Leader | Information Security Architect
• Part of the founding team of Saab Cyber Security Division
• Thesis Worker | Software Developer
• Databases, .NET software development
Slide 4
And the Domains of Warfare
2010–2013, Land: Created the Secure Operating Environment (SOE) for the Swedish Army (H/R)
2013–2015, Air: Windows Security in L16 Backbone (H/S, NS)
2015–2016, Naval: Docker Security in naval systems (H/S)
2016–2017, Cyber: R&D Defensive Cyber Warfare
2017–: Development Environments (H/S)
Slide 5
The complexity of the domain is staggering
and my areas of focus
Slide 6
This is Nixu
The trusted go-to partner for cybersecurity services in Northern Europe
Founded in 1988, publicly listed 2014
10 locations: Finland, Sweden, Netherlands, US, Romania and Australia and more
Cyber security specialists
300+
98% of our clients recommend Nixu
Interruption in security support
Vision: Keep the digital society running
Mission: Best workplace for cyber security specialists
Cyber security services from board decisions to deep forensic investigations
Slide 7
The post-breach / “assume breach” age
"High-risk enterprises should assume that they are already compromised - there is no product or combination of products that provides 100% protection"
- 2012, NSS Labs Analysis Brief: Cybercrime Kill Chain vs. Defense Effectiveness
Slide 8
MITRE’s “assume breach” initiative
and the rise of the ATT&CK framework
History:
• 2010 - researching data sources and analytic processes for detecting APTs more quickly through the use of endpoint telemetry data
• 2013 - developed a process for modeling an adversary’s post-compromise behavior at a granular level. This model is named ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge).
• 2015 - ATT&CK is released to the world
• 2018 - The first dedicated ATT&CK conference
Slide 9
The post-breach / “assume breach” age
Dwell time – Mandiant/FireEye M-Trends 2018 report
Slide 10
The cyber kill chain and ATT&CK
PRE-ATT&CK
ENTERPRISE ATT&CK
• Persistence
• Privilege Escalation
• Defense Evasion
• Credential Access
• Discovery
• Lateral Movement
• Execution
• Collection
• Exfiltration
• Command and Control
Slide 11
ATT&CK – A more scientific way
An empirical/curated knowledge base that helps model cyber adversaries’ tactics and techniques – and then shows how to detect or stop them.
The real hacker playbook (200+ techniques)
Slide 12
APT Groups aka advanced threat actors
Currently the ATT&CK framework has 78 different threat actors in its catalogue.
Roughly 43% are attributed to countries:
• 13 are presumed to be China-based
• 12 are presumed to be Iran-based
• 7 are presumed to be Russia-based
• 2 are presumed to be North Korea-based
Slide 13
The post-breach / “assume breach” age
and how ATT&CK can help you leverage what you already have
1. “Think like an attacker” by studying their blueprints
2. Fighting the digital sleeper agents of modern IT systems by behaviour monitoring through Tactics, Techniques and Procedures (TTP)
Slide 14
ATT&CK and living off the land binaries (LOLBins)
or homesteading in the enterprise with fileless attacks
“Fileless Malware Attacks on the Rise, Microsoft Says” – October 2018
• LOLBins have been around in the wild since 2014
• Recently experienced explosive growth
• 52% of non-malware attacks in 2017 involved the abuse of two legitimate programs (PowerShell & WMI)
• increasing at a rate of 6.8% per month
Slide 15
The digital sleeper agents of modern IT systems
or the rise of living off the land binaries (LOLBins)
Living off the land binaries:
• Authorized, trusted applications that are used by malicious actors
• Usually never write to disk (they are already there)
• Live in memory
• Be one with the network
• Use tools already in place, use protocols already used
• (Don’t talk when the network is quiet)
• Make their infrastructure work for you
Slide 16
Bianco’s “Pyramid of Pain”
Slide 17
Simple examples of TTP
Tactics, Techniques and Procedures
TTP in a Windows environment
• “a privilege escalation via the Microsoft Connection Manager Profile Installer (CMSTP.exe)”
Using a non-cyber analogy
• “a specific approach to counterfeiting $100 dollar bills can be thought of as a TTP while the specific guidance for detecting bills (wrong color, bad watermark, etc.) using this approach can be thought of as Indicators.”
Slide 18
ATT&CK - Why / Benefits
Helps determine which technologies work/fail
Identify gaps to improve security posture/processes
Prioritize work on detecting/deterring techniques
Evaluate new security technology
Low cost testing
Open source/free tools: Atomic Red Team, Caldera, APTSimulator, Adversary Emulation Plans, ATT&CK Navigator
Higher cost testing (optional)
Tripwire: all Windows, CentOS, Debian, Ubuntu & MacOS
Carbon Black
Information sharing
Red/Blue team, Operations, Management, Government bodies
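An added example (not from the slides, Nixu or MITRE) of the behaviour monitoring through TTPs that slides 13 to 15 and 17 describe, and of the per-technique scores a Navigator heatmap (slide 18, bonus slide 26) colours by: constructed process-creation events are matched against rules for PowerShell, WMI and CMSTP abuse and tagged with the technique IDs of the early-2019 Enterprise matrix. The event records, the rules and the Navigator layer field names are assumptions made for this example.

```python
"""Added example, not from the slides: TTP-style behaviour monitoring over
Windows process-creation events, tagged with early-2019 ATT&CK technique IDs
(ATT&CK renumbered many of these into sub-techniques in 2020; re-check IDs)."""
import json
import re
from collections import Counter

# Constructed Sysmon-style (Event ID 1) records: (image, command line, parent image).
EVENTS = [
    ("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -NoP -W Hidden -Enc ZABpAHIA", "C:\\Windows\\System32\\cmd.exe"),
    ("C:\\Windows\\System32\\wbem\\WMIC.exe",
     'wmic process call create "notepad.exe"', "C:\\Windows\\explorer.exe"),
    ("C:\\Windows\\System32\\cmstp.exe",
     "cmstp.exe /s C:\\Users\\bob\\AppData\\Local\\Temp\\profile.inf", "C:\\Windows\\System32\\cmd.exe"),
    ("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -File C:\\scripts\\backup.ps1", "C:\\Windows\\System32\\svchost.exe"),  # benign admin script
]
# Behaviour rules (constructed): technique ID, technique name, regex over the command line.
RULES = [
    # PowerShell launched with hidden-window or encoded-command switches.
    ("T1086", "PowerShell",
     re.compile(r"powershell(\.exe)?\b.*-(enc(odedcommand)?|w(indowstyle)?\s+hidden)\b", re.I)),
    # Process creation through WMI, the other LOLBin named on slide 14.
    ("T1047", "Windows Management Instrumentation",
     re.compile(r"\bwmic(\.exe)?\b.*\bprocess\s+call\s+create\b", re.I)),
    # CMSTP fed an INF profile from a user-writable path (slide 17's TTP).
    ("T1191", "CMSTP", re.compile(r"\bcmstp(\.exe)?\b.*\\users\\.*\.inf\b", re.I)),
]

def classify(events):
    """Return [(event_index, technique_id)] for every rule that fires."""
    hits = []
    for i, (_image, cmdline, _parent) in enumerate(events):
        for tid, _name, rx in RULES:
            if rx.search(cmdline):
                hits.append((i, tid))
    return hits

def technique_scores(hits):
    """Hits per technique: the numbers a coverage/visibility heatmap colours by."""
    return Counter(tid for _i, tid in hits)

def navigator_layer(scores, name="Observed TTPs"):
    """Dict shaped like an ATT&CK Navigator layer file (assumed: 2.x-era field names)."""
    return {"name": name, "version": "2.2", "domain": "mitre-enterprise",
            "techniques": [{"techniqueID": tid, "score": n} for tid, n in sorted(scores.items())]}

if __name__ == "__main__":
    print(json.dumps(navigator_layer(technique_scores(classify(EVENTS))), indent=2))
```

The benign `-File` invocation is deliberately left unmatched: a TTP rule keys on the behaviour (hidden window, encoded command, INF from a user path), not on the binary's name alone.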
Slide 19
Credits 1/4
Steal with pride, watch conference talks with a passion!
Me, Myself & I
S03-06: Saab, the corporation video (6 min) - https://www.youtube.com/watch?v=2KsdPHsgR9Q
S03-06: The domains of war - https://saab.com/land/, https://saab.com/air/, https://saab.com/naval/, https://en.wikipedia.org/wiki/Cyberwarfare
S03-06: LinkedIn Cyber Security Domain Map - https://www.linkedin.com/pulse/map-cybersecurity-domains-version-20-henry-jiang-ciso-cissp
S03-06: Nixu Oy at 600Minutes Information and Cyber Security 2017 (Spotlight) - This is Nixu - https://www.youtube.com/watch?v=pwIIJnZ8pHo
The Post-Breach Age -Quote
S07: Cybercrime Kill Chain vs. Defense Effectiveness -https://www.researchgate.net/publication/258112939_Cybercrime_Kill_Chain_vs_Defense_Effectiveness
S07: Conference: Proceedings des 13. Deutschen Sicherheitskongress des BSI - https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Veranstaltungen/ITSiKongress/13ter/Stefan_Frei_16052013.pdf
MITRE’s “assume breach” initiative
S08: Finding Cyber Threats with ATT&CK™-Based Analytics - https://www.mitre.org/sites/default/files/publications/16-3713-finding-cyber-threats%20with%20att%26ck-based-analytics.pdf
S08: ATT&CK web page -https://attack.mitre.org
S08: ATT&CK conference 2018 -https://www.mitre.org/attackcon
The Post-Breach Age -Mandiant/FireEye M-Trends 2018 report
S09: Mandiant/FireEye M-Trends report - https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
Slide 20
Credits 2/4
The cyber kill chain and ATT&CK
S10: TripWire, Defend Your Data Now with the MITRE ATT&CK Framework -https://www.youtube.com/watch?v=io4vCTBLa78
Slides -https://www.slideshare.net/Tripwire/defend-your-data-now-with-the-mitre-attck-framework
ATT&CK –A more scientific way
S10: A short animated video about MITRE ATT&CK™ Framework -https://www.youtube.com/watch?v=0BEf6s1iu5g
S10: Science –It is the answer -https://www.deviantart.com/dormantflame/art/Because-Science-390410617
S10: The full ATT&CK Matrix -https://attack.mitre.org/matrices/enterprise/
S10: 3 minutes on MITRE ATT&CK -https://www.rapid7.com/resources/3-minutes-on-mitre-attack
APT Groups aka advance threat actors
S11: ATT&CK Groups: https://attack.mitre.org/groups/
The post-breach / “assume breach” age and how ATT&CK can help you leverage what you already have
S09: Image -https://www.acsac.org/2017/workshops/icss/Otis-Alexander-ICS,%20Adversarial%20Tactics,%20Techniques.pdf
ATT&CK and LOLBins or homesteading in the enterprise with fileless attacks
S14: Fileless Malware Attacks on the Rise, Microsoft Says - https://www.securityweek.com/fileless-malware-attacks-rise-microsoft-says
S14: Carbon Black 2017 Threat Report - https://www.carbonblack.com/wp-content/uploads/2018/01/CB-Thread-Report-2017-122117.pdf
S14: DerbyCon 3.0, Living Off The Land: A Minimalist's Guide To Windows Post Exploitation - https://youtu.be/j-r6UonEkUw
Slide 21
Credits 3/4
The digital sleeper agents of modern systems, or the rise of LOLBins
S15: LOLBins: Attackers Are Abusing Trusted Binaries to Target Organizations -https://blog.barkly.com/what-are-lolbins-living-off-the-land-binaries
Bianco’s “Pyramid of Pain”
S16: The Pyramid of Pain -http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Simple examples of TTP
S17: TTP vs Indicator: A simple usage overview -https://stixproject.github.io/documentation/concepts/ttp-vs-indicator/
S17: IOCs vs. TTPs - https://azeria-labs.com/iocs-vs-ttps/
ATT&CK -Why / Benefits
S18: Tools -https://attack.mitre.org/resources/adversary-emulation-plans/
S18: Tools -https://github.com/NextronSystems/APTSimulator
S18: Tools -https://github.com/redcanaryco/atomic-red-team
S18: Tools -https://github.com/mitre/caldera
S18: Tools -https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/just-released-version-2-of-the-attck%E2%84%A2
S18: Tools -https://github.com/mitre/attack-navigator
Slide 22
Credits 4/4
Books you should read that might have been mentioned but aren’t represented by a slide:
-Site Reliability Engineering, How Google Runs Production Systems (552 pages) -http://shop.oreilly.com/product/0636920041528.do
- Vem kan man lita på?: den globala övervakningens framväxt (304 pages) - http://www.adlibris.com/se/bok/vem-kan-man-lita-pa-den-globala-overvakningens-framvaxt-9789175453958
- Konsten att gissa rätt - Underrättelsevetenskapens grunder (218 pages) - https://www.adlibris.com/se/bok/konsten-att-gissa-ratt---underrattelsevetenskapens-grunder-9789144004389
BONUS Slides
Benefits (The Stuxnet saga)
S25: Mapping Stuxnet on the ATT&CK framework -http://hugoideler.com/2017/10/mapping-stuxnet-attck-framework/
Heatmap for visibility
S26: Defend Your Data Now with the MITRE ATT&CK Framework-https://www.youtube.com/watch?v=io4vCTBLa78
Map CIS20 to ATT&CK for an easy start
S27: Mapping the ATT&CK Framework to CIS Controls - https://www.tripwire.com/state-of-security/security-data-protection/security-controls/mapping-the-attck-framework-to-cis-controls/