[APAC] Explore 5 Techniques from the MITRE ATT&CK Cloud Matrix Specific to O365

Presented by

Randy Franklin Smith, Dan Kaiser, Brian Coulson, Sally Vincent

About this talk

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:

- Initial Access: Get into your network
- Persistence: Maintain their foothold
- Privilege Escalation: Gain higher-level permissions
- Defense Evasion: Avoid being detected
- Credential Access: Steal account names and passwords
- Discovery: Figure out your environment
- Lateral Movement: Move through your environment
- Collection: Gather data of interest to their goal
- Exfiltration: Steal data

The only ones missing at this time are:

- Execution: Run malicious code
- Command and Control: Communicate with compromised systems to control them
- Impact: Manipulate, interrupt, or destroy your systems and data

In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework. Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:

- T1114: Email Collection
- T1534: Internal Spearphishing
- T1098: Account Manipulation
- T1136: Create Account
- T1192: Spearphishing Link

Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.