Applying the MITRE ATT&CK Framework to Detect Insider Threats

Presented by

Augusto Barros, VP of Solutions at Securonix

About this talk

The MITRE ATT&CK framework has become an excellent way for security professionals to understand and describe threats. Most of the time, however, it is used to describe the actions of external threats. But what about insider threats? According to Forrester, 25% of breaches resulted from internal incidents, and almost half of them were malicious.

In the past few years, insider threats have evolved in several respects, from how sensitive data leaves the organization to the ways in which privileged access gets misused, creating risks for organizations to mitigate. The proliferation of cloud applications and the current remote work setup make tracking and protecting sensitive data extremely challenging.

Can we use the MITRE ATT&CK framework to help us describe, understand, and finally detect and protect against insider threats? If the framework often describes and supports detection of external threats, does it also help deal with insider threats? What should organizations expect from this exercise, and what do they need to do differently to achieve the desired results?

Join Augusto Barros, VP of Solutions at Securonix, to learn about:

• How insider threats have evolved and the new challenges they present
• How the MITRE ATT&CK framework supports threat detection practices
• How the MITRE ATT&CK framework can also help to address the issues related to insider threats

Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and as a security architect and officer for large enterprises.

Securonix Next-Gen SIEM delivers threat detection and response powered by flexible, cloud-native advanced analytics. Follow this channel to learn from our security experts. They will discuss threat trends, detection techniques, and SecOps topics such as cloud security, insider threat, SIEM, UEBA, and SOAR.