Threat Defense: Defending the ATT&CK with TTP’s presented at AppSecIndonesia2020 2020

by Avkash Kathiriya

Summary: For defenders in the current threat landscape, threat intelligence is mostly focused on Observables and Indicators of Compromise (IOCs), which are more technical in nature and have a very short lifespan. By the time controls are put in place to thwart the technical IOCs, attackers may have already changed them and countered with new attacks. Therefore, it becomes essential for defenders to continuously harness and operationalize the tactical information made available by technical threat intelligence to identify the Tactics, Techniques, and Procedures (TTPs) used by attackers and deploy the corresponding countermeasures in real time. TTPs are the new way of tackling attackers and having your countermeasures in place. This talk will help defenders understand how to harness the information for TTPs from external and internal sources, how to map/create their own specific tactical threat landscape, and how to use the harnessed information for SOC, IR, Threat Hunting, and Threat Intelligence use cases.