Beyond IOCs: Validate security controls with quality threat intelligence

Presented by

Ursula Cowan, Threat Research Analyst; Andrea Hatcher, Threat Research Analyst; Matthew Hoerger, Sr. Threat Research Analyst

About this talk

Leave your IOCs at the door and learn to validate security controls with quality threat intelligence. Please join the Mandiant Behavioral Research Team as they explore the merits of security validation and their role in creating security validation content to accurately measure security effectiveness. The team will discuss why real attacks matter, review the types of content, and explain how they create that content. Learn how the team takes threat actor TTPs and other intel from sources such as Mandiant Advantage and creates content that is prioritized, tagged, and mapped to the MITRE ATT&CK Framework. See a demo of how the team creates a network action so that you can validate the effectiveness of your network security controls. Additionally, the benefit of creating your own content to test your security environment will be discussed, as well as how you can use custom content when testing your security environment.

Attendees will take away the following:

1. Learn that not all validation or testing content is equal: how quality threat intelligence and the use of real attack binaries yield accuracy in testing security effectiveness.
2. Learn how the Mandiant Behavioral Research team conducts threat research, prioritizes, and creates validation content from attacker TTPs.
3. Through a detailed demo, learn how a network action is created and see how it can enable you to conduct your own threat research and pivot to validation on the Mandiant Advantage platform.
4. Guidance on creating your own content to effectively test your security environment.

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.