Exploring 5 Techniques from the MITRE ATT&CK Cloud Matrix Specific to O365

Logo
Presented by

Randy Franklin Smith, Dan Kaiser, Brian Coulson, Sally Vincent

About this talk

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including: - Initial Access: Get into your network - Persistence: Maintain their foothold - Privilege Escalation: Gain higher-level permissions - Defense Evasion: Avoid being detected - Credential Access: Steal account names and passwords - Discovery: Figure out your environment - Lateral Movement: Move through your environment - Collection: Gather data of interest to their goal - Exfiltration: Steal data The only ones missing at this time are: - Execution: Run malicious code - Command and Control: Communicate with compromised systems to control them - Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data. In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework. Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment: - T1114: Email Collection - T1534: Internal Spearphishing - T1098: Account Manipulation - T1136: Create Account - T1192: Spearphishing Link Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.

Related topics:

More from this channel

Upcoming talks (5)
On-demand talks (155)
Subscribers (61382)
LogRhythm’s award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com. To learn more, please visit logrhythm.com.