Exploring 5 Techniques from the MITRE ATT&CK Cloud Matrix Specific to O365

Presented by

Randy Franklin Smith, Dan Kaiser, Brian Coulson, Sally Vincent

About this talk

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including: - Initial Access: Get into your network - Persistence: Maintain their foothold - Privilege Escalation: Gain higher-level permissions - Defense Evasion: Avoid being detected - Credential Access: Steal account names and passwords - Discovery: Figure out your environment - Lateral Movement: Move through your environment - Collection: Gather data of interest to their goal - Exfiltration: Steal data The only ones missing at this time are: - Execution: Run malicious code - Command and Control: Communicate with compromised systems to control them - Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data. In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework. Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment: - T1114: Email Collection - T1534: Internal Spearphishing - T1098: Account Manipulation - T1136: Create Account - T1192: Spearphishing Link Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (21)
Subscribers (8193)
Notice: LogRhythm APJ channel has moved! Please note that this channel will not be updated with new content from 31 December 2020. We invite you to our new and improved LogRhythm channel, which can be accessed here: https://www.brighttalk.com/channel/12099/ At LogRhythm, we strive to provide our users and subscribers with the latest security tips & tricks available on-demand. Check out our latest talk: How to build an effective security program with limited resources: https://www.brighttalk.com/webcast/12099/460817