Behavioral Defense Using the MITRE ATT&CK presented at SecureWorldStLouis 2020

by Beth Young

Summary: Indicators of Compromise (IOCs) have been a mainstay of security defense, but companies still get hacked. One of the problems with IOCs is that they are only useful for a short period of time: a miscreant can register a new domain, use it for 12 hours, and then never use it again. Defenders need to stop thinking in terms of bad domains or bad IP addresses and start focusing on the behavior of the miscreants. Using the MITRE ATT&CK Framework, we will discuss current attack techniques and how defenders can identify gaps in their security coverage.