Name: MITRE ATT&CK: Optimizing Coverage to Bolster Your Defense
Start: 2023-12-14T14:20:00Z
End: 2023-12-14T14:21:00.000Z
Location: BrightTALK
Rating: 0

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable. 

We believe that these tools and services should be independent of any specific vendor’s security product or capability. That independence helps ensure that our enterprise customers always understand what is best for them and that our solution provider customers are positioned to deliver success. 

When Frank Duff, our Chief Innovation Officer, first recorded this talk, he discussed the challenges that both end-users and their vendors have with the gap in tool utilization — what is advertised vs. what is possible vs. what is implemented. There’s still a lot of work to do here.

Register for this informative replay from Frank, who shows end users how to determine what coverage they actually have with their current defensive stacks, and the appropriate expectations to have of those capabilities. He’ll also talk about how Tidal Cyber can help end users and vendors alike bridge the gap as they relate to MITRE ATT&CK, so organizations get more out of their tech, and vendors can show greater value.

Some supporting thoughts:“We estimate that 90% of users misconfigure our solution.” – major security provider

“When I took over the security program, I found we had 3 different EDR solutions, and were in the process of buying another.” – Fortune 100 CISO

Good to the Last Drop: Squeezing More Juice Out of Your Oranges

Join Tidal Cyber's Director of Cyber Threat Intelligence for a hands-on tutorial of exciting new content & feature sets added to the Tidal platform in January 2024! Topics covered include:

-New Detection Analytics sources (The DFIR Report)
-New Threat Content (hundreds of newly added "Living-off-the-Land" utilities)
-New Tags feature: Introduction, Threat Research applications, & threat<>analytic pivoting workflows

Tidal Community Update: Defending Against Legitimate Utility Abuse

Join us for a practitioner-focused workshop that will demonstrate how defenders at all experience levels can take steps to quickly operationalize timely, relevant intelligence to improve confidence in their organization’s defensive posture. Attendees can expect to take away a renewed appreciation for the threat-informed defense discipline and likely a new workflow tip or two heading into the new year.

Follow along with Tidal’s Director of Cyber Threat Intelligence as he goes hands-on with the resources & tools used daily by our Adversary Intelligence team to process the latest TTP-focused intelligence collected from a wide range of public sources. We will then dive deep into a recent government advisory on one of the world's most prominent cyber threats (APT28), showing how various free tools can be used to efficiently process a foreign-language CTI report, identify priority TTPs from within it, and spotlight notable ones for defensive next steps. Finally, we will show how defenders can level-up their threat-informed defense workflows by quantifying the threats & adversary behaviors relevant to their organization (and its defensive capabilities), allowing them to make quick, confident assessments around both established & emerging threats.

CTI Ride-Along: Operationalizing Recent TTP Intelligence for a Top Global APT

Key cyber adversaries regularly change their techniques to better accomplish their goals. Already in 2023, we’ve seen evolutions in the ransomware and infostealer landscapes, as well as additional shifts in techniques from espionage actors.

This session will explore some of the highlights of TTP (tactics, techniques, and procedures) intelligence from the second quarter of 2023 and discuss defensive actions to take in response to this intelligence.

Surf Report: A Review of TTP Highlights in Q2 2023

Tidal Cyber's Enterprise Edition empowers organizations to adopt threat-informed defense at scale. Getting started with Enterprise Edition might seem intimidating, especially if your team has a lot of custom rules or analytics, but the platform makes it easy! Join us for this Demo Day where we'll show just how easy it is to get started with Tidal Enterprise Edition.

Tidal Demo Day: Getting Started with Enterprise Edition

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Nigel Douglas, Technical Marketing Manager, and Thomas Labarussias, OSS/Ecosystem Advocate from Sysdig.

We've Got This Covered: An ATT&CK Introspection with SysDig

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Picnic CEO, Matt Polak.

We've Got This Covered: An ATT&CK Coverage Introspection with Picnic

Which threats matter most to my organization? A common question from security leadership, but usually not an easy (or quick) one to answer. This session provides practical guidance that empowers teams of virtually any size & maturity level to quickly start building, fine tune, and take action around a tailored cyber threat profile, enabling them to surface and prioritize the adversaries & techniques most relevant to their organization.

Cyber threat profiling is a powerful capability that gives teams greater focus and confidence to proactively address threats, but its adoption has been limited by misconceptions and lack of repeatable guidance on how to practically build profiles. We will walk through best practices for setting up a profile, using publicly-accessible resources to populate it quickly, and key factors that are commonly considered when fine-tuning a profile. Importantly, we will also demonstrate what can be done after a profile is built (identify defensive gaps & prioritize them for remediation), and tips for maintaining and updating your profile over time.

Cyber Threat Profiling: Where to Start and How to Take Action

Just because adversaries don’t modify their TTPs as frequently as their infrastructure doesn’t mean their behaviors are stagnant. On the contrary, today’s adversaries are evolving their TTPs with increasing frequency. In many ways, this is a positive reflection of the hard work of defenders – as defenses improve, adversaries are forced to find new ways of executing attacks. But recent examples show just how much adversaries maintain awareness about changing defensive landscapes, and therefore why intelligence around adversary TTP evolution is needed. 

This presentation will explore notable examples of TTP evolution associated with common threats and malware, and will provide strategies for tracking, evaluating, and defending against this evolution.

What?! Your Threats Are Evolving! A Study of Notable TTP Evolution

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Co-Founder and CTO of Remediant, Tim Keeler.

We've Got This Covered: Remediant

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Jorge Orchilles, the Cheif Technology Officer of SCYTHE.

We've Got This Covered: SCYTHE

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Itzik Kotler, co-founder and CTO of SafeBreach.

We've Got This Covered: SafeBreach

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Silvan Tschopp, VP of Product Marketing at Picus.

We've Got This Covered: Picus

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Jason Keirstead, CTO of Threat Management at IBM Security.

We've Got This Covered: IBM Security

For most organizations, implementing threat-informed defense is a challenge. It's tough to identify the threats most relevant to you; once you've identified them, how do you know how your current security stack is defending you? How do you stay on top of changes in the techniques adversaries are using? How can you have confidence in your enterprise's security posture, and accurately report to stakeholders?

Tidal Cyber's Enterprise Edition makes it easy for security teams to create threat profiles and see their defensive coverage using the tools they already own. The platform also provides notifications of any changes, as well as recommendations for defensive action. The Tidal Confidence Score™ quantifies how confident you can be in your cybersecurity posture, both overall and at an individual technique level. Join us for a demo of the Enterprise Edition in action!

Tidal Enterprise Edition Demo Day

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Eric Sun, Director at Cybereason, and Israel Barak, Chief Information Security Officer at Cybereason.

We've Got This Covered: Cybereason

This webcast provides a broad overview of the top cyber threats currently used to gain initial footholds into victim environments and deliver a wide range of other, usually more impactful malware. Our research into loaders, remote access trojans (RATs), and other initial access threats fills a notable community knowledge gap by aggregating the TTPs associated with newer or resurging threats, including SocGholish, Gootloader, Raspberry Robin, IcedID, BumbleBee, Emotet, and more, and aligning them to a common lexicon (MITRE ATT&CK®) for quicker pivoting into defensive actions.

Although many of these threats are responsible for high infection volumes and are notoriously adept at modifying their TTPs, there has yet to be a comprehensive survey of how techniques might be shared (or differ) among the various operations, campaigns, & malware. This session will especially spotlight common early-stage attack techniques and overlaps in second- or later-stage payloads, helping defenders identify opportunities to prioritize their work and make the most efficient use of finite time & resources.

Initial Access & Malware Delivery Landscape: Top Threats and TTPs

The MITRE ATT&CK Evaluations provide a useful datapoint to compare the efficacy of incident detection tools. However these results only focus on emulating a subset of the ATT&CK techniques once a year, while security organizations need to have an aggregated view of their coverage across the entire MITRE ATT&CK framework on a continuous basis.

Join this webinar with Cybereason and Tidal Cyber to learn some of the best practices for systematically tracking and improving your security program’s MITRE ATT&CK Coverage, to ensure incident detection and response readiness.

MITRE ATT&CK: Optimizing Coverage to Bolster Your Defense

MITRE ATT&CK

Cybereason

Threat-Informed Defense

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

MITRE ATT&CK: Optimizing Coverage to Bolster Your Defense

Presented by

About this talk

More from this channel