MITRE ATT&CK Triage Presentation 2024 3jlxksllslsslnxud

jimihi8398 20 views 12 slides Oct 15, 2024
Slide 1
Slide 1 of 12
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12

About This Presentation

MITRE_ATT&CK_Triage_Presentation.pptx

Size: 38.8 KB
Language: en
Added: Oct 15, 2024
Slides: 12 pages

Slide Content

Using MITRE ATT&CK to Triage Events [Your Name] [Presentation Date]

Introduction • Overview of MITRE ATT&CK - A comprehensive knowledge base of tactics, techniques, and procedures (TTPs) used by cyber adversaries. - Assists in understanding potential threats, improving detection, and refining incident response strategies. - Importance in triage: Provides a structured approach to evaluate security events, prioritize responses, and mitigate risks.

Understanding the ATT&CK Framework • Tactics and Techniques - Tactics: High-level objectives (e.g., Initial Access, Execution, Persistence). - Techniques: Specific methods used to achieve those objectives (e.g., phishing, PowerShell). - Examples: Tactic: Credential Access; Technique: Keylogging or credential dumping. • ATT&CK Matrices: Overview of matrices for different environments (Enterprise, Mobile, Cloud).

The Role of Triage in Incident Response • What is Triage? - Evaluating incoming security alerts to determine their severity, relevance, and potential impact. - Essential for efficient resource allocation and response prioritization in a SOC. • How Triage Fits into the SOC Workflow - Detection → Triage → Investigation → Response. - Triage acts as a filter to ensure high-priority incidents escalate to investigation and response.

Leveraging MITRE ATT&CK for Triage • Mapping Events to ATT&CK - Correlate observed security events with specific ATT&CK techniques. - Example: Unusual login attempts may map to 'Brute Force' under 'Credential Access' tactic. • Prioritization of Events - Assess threat levels based on known TTPs. - Factors: Severity, Confidence Level.

Example Triage Scenario • Case Study - Scenario: Employee reports phishing emails; SIEM alerts for multiple login attempts. - Analysis Using ATT&CK: - Identify techniques: Initial Access via phishing, Credential Access through brute force. - Investigate logs for suspicious IP addresses. • Decision Making - Determine if immediate action is needed (e.g., password reset, account lockout).

Integrating ATT&CK into Security Tools • SIEM and Threat Hunting - Integrate ATT&CK into SIEM systems for improved detection capabilities. - Create alerts based on known techniques. • Automated Detection - Use MITRE Caldera for automated adversary emulation to test detections. - Implement custom detection rules based on ATT&CK.

Best Practices for Using MITRE ATT&CK • Continuous Learning - Update knowledge on emerging techniques and adversary behaviors. - Participate in workshops and training sessions. • Collaboration - Encourage teamwork within the SOC and sharing insights. • Documentation - Maintain records of triaged events and decisions for future reference.

Future Trends and Challenges • Adapting to Evolving Threats - MITRE ATT&CK evolves as new TTPs are identified, requiring teams to stay informed. • Challenges in Implementation - Resource Constraints: Limited staffing/tools can hinder effective implementation. - Skill Gaps: Ensuring SOC personnel are trained in using ATT&CK effectively.

Conclusion • Key Takeaways - MITRE ATT&CK is a powerful tool for enhancing event triage. - Structured approaches improve incident response efficiency and effectiveness. - Continuous education and adaptation to evolving threats are crucial.

Q&A • Open the floor for questions from the audience.

References • Useful Resources: - MITRE ATT&CK Framework: https://attack.mitre.org - SANS Institute - Using the ATT&CK Framework: https://www.sans.org/white-papers/38096/ - Cybint - Triage Using MITRE ATT&CK: https://cybintsolutions.com
Tags
Categories
General
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 20
  • Slides 12
  • Age 412 days
Related Slideshows
Pray For The Peace Of Jerusalem and You Will Prosper 22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
Don_t_Waste_Your_Life_God.....powerpoint 26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf 31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
Fertility awareness methods for women in the society 14
Fertility awareness methods for women in the society
Isaiah47
29 views
Chapter 5 Arithmetic Functions Computer Organisation and Architecture 35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
syakira bhasa inggris (1) (1).pptx....... 5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views
View More in This Category