The Mitre ATT&CK Framework is for all of us, and it is time to pay attention to it (presented at LASCON 2018)

by Michael Gough,

Summary: Mitre has created the “Adversarial Tactics, Techniques & Common Knowledge” (ATT&CK) base to help security practitioners understand the actual techniques and tactics that adversaries use against us. The advantage of the ATT&CK base is that it lets us build a framework for understanding how we might detect, respond to, and prevent many of those tactics. The ATT&CK framework provides a way for us to map the technologies and procedures we have, and then map the gaps that remain so they can be addressed. Applying ATT&CK to existing systems, or as you design new systems and applications, benefits us in the long run. Whether you are a security generalist, application security specialist, blue team defender, or even on the red team, the ATT&CK framework helps us understand the areas we should focus on. Whether your role is to detect and respond to attacks, or to design a new system or application, the goal in the end is to improve prevention and/or shore up our defenses.

The mappings of tactics help us understand how, and with what, the hackers actually attack our systems: our web applications, what happens once they exploit a flaw, and the tactics they then use to move further within our environments. They help us detect and respond, and help us identify and build a process and the needed procedures to respond to an attack. ATT&CK is something information security has needed for a long time, as it provides valuable insight that helps us identify our gaps and know our weaknesses, but more importantly lets us map them to something that is not compliance-related and is instead based on the actual tactics and techniques of our adversaries.

This talk will go over the ATT&CK matrix and how we might use it to measure ourselves and our gaps, something all of us need, or must, do. ATT&CK exceeds what compliance has been trying to do for decades, because ATT&CK is what the hackers actually do, not what compliance says to do.
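One way to do the gap mapping the talk describes, as an added example that is not from the talk or from Mitre: map each technique to the detect / prevent / respond controls we already have, then list the techniques with nothing mapped, grouped by tactic. The technique IDs are a small real subset chosen for illustration (one tactic each, for simplicity); the inventory of controls is constructed.

```python
from collections import defaultdict

# Constructed sample: a handful of real ATT&CK technique IDs, used here as an
# illustrative subset (one tactic per technique); the talk names no specific ones.
TECHNIQUES = {
    "T1190": ("Initial Access", "Exploit Public-Facing Application"),
    "T1566": ("Initial Access", "Phishing"),
    "T1059": ("Execution", "Command and Scripting Interpreter"),
    "T1003": ("Credential Access", "OS Credential Dumping"),
    "T1021": ("Lateral Movement", "Remote Services"),
    "T1078": ("Defense Evasion", "Valid Accounts"),
}

# Constructed inventory of what we have, keyed by (technique_id, capability).
# Capability is one of detect / prevent / respond, as the talk frames it.
INVENTORY = {
    ("T1190", "prevent"): ["WAF", "patching SLA"],
    ("T1190", "detect"): ["web server log alerts"],
    ("T1566", "prevent"): ["mail filtering"],
    ("T1059", "detect"): ["PowerShell/script block logging"],
    ("T1021", "detect"): ["logon event monitoring"],
}

CAPABILITIES = ("detect", "prevent", "respond")


def coverage(techniques=TECHNIQUES, inventory=INVENTORY):
    """Return {technique_id: {capability: [controls]}} with every capability present."""
    result = {}
    for tid in techniques:
        result[tid] = {cap: list(inventory.get((tid, cap), [])) for cap in CAPABILITIES}
    return result


def gaps_by_tactic(techniques=TECHNIQUES, inventory=INVENTORY):
    """Group techniques with no mapped control at all by tactic: the first gaps to close."""
    cov = coverage(techniques, inventory)
    gaps = defaultdict(list)
    for tid, (tactic, name) in techniques.items():
        if not any(cov[tid][cap] for cap in CAPABILITIES):
            gaps[tactic].append(f"{tid} {name}")
    return dict(gaps)


def missing_capabilities(techniques=TECHNIQUES, inventory=INVENTORY):
    """Per technique, list which of detect / prevent / respond has nothing mapped."""
    cov = coverage(techniques, inventory)
    return {tid: [c for c in CAPABILITIES if not cov[tid][c]] for tid in techniques}
```

On the sample inventory, gaps_by_tactic() reports T1003 and T1078 as having no coverage at all, and missing_capabilities() shows that nothing in the inventory addresses the respond capability for any technique.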