Presented at
DeepSec 2019 „Internet of Facts and Fears“,
Unknown date/time
(Unknown duration).
Adversaries will always be able to compromise us, but that does not mean they reach their goals. To keep an adversary from succeeding, the speed of our detection and response processes is key for a Security Operations Center (SOC). To support the SOC in this battle, the right tools and log sources need to be identified.
This presentation tackles the problem by introducing a threat-based security monitoring approach built on the MITRE ATT&CK Matrix, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The approach combines the Advanced Persistent Threat (APT) groups documented in ATT&CK with the techniques they are known to use, resulting in a comprehensive list of the tools and log sources needed for security monitoring. Sigma, a universal language for detection rules, is then introduced to detect the identified threats. The threat-based security monitoring approach using the MITRE ATT&CK Matrix is worked through for a fictional company, evil bank.
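The two steps the abstract describes, mapping the threat groups relevant to a company to ATT&CK techniques and then to the data sources that can detect them, followed by a Sigma rule evaluated over process-creation events, as an added example that is not part of the talk or its slides. The technique IDs are real ATT&CK IDs, but the group-to-technique and technique-to-data-source links, the group names "APT-A" and "APT-B", the Sigma rule and the log events are all constructed for this illustration; in practice the mapping is pulled from the ATT&CK STIX data and the rule is run through the Sigma converter for the target SIEM.

```python
"""Threat-based monitoring: APT groups -> ATT&CK techniques -> data sources -> Sigma rule."""
from collections import Counter

# Constructed, trimmed ATT&CK-style mapping for the fictional "evil bank".
# Technique IDs are real; the links below are illustrative only.
TECHNIQUE_DATA_SOURCES = {
    "T1059.001": ["Process Creation", "Command Execution", "Script Execution"],  # PowerShell
    "T1003.001": ["Process Access", "Process Creation"],                         # LSASS Memory
    "T1053.005": ["Scheduled Job Creation", "Process Creation"],                 # Scheduled Task
    "T1566.001": ["File Creation", "Network Traffic Content"],                   # Spearphishing Attachment
    "T1021.001": ["Logon Session Creation", "Network Connection Creation"],      # RDP
}
GROUP_TECHNIQUES = {  # hypothetical groups assessed as relevant to evil bank
    "APT-A": ["T1059.001", "T1003.001", "T1053.005"],
    "APT-B": ["T1566.001", "T1059.001", "T1021.001"],
}


def required_data_sources(threat_groups, group_techniques=GROUP_TECHNIQUES,
                          technique_ds=TECHNIQUE_DATA_SOURCES):
    """Rank data sources by how many relevant techniques they help detect."""
    techniques = {t for g in threat_groups for t in group_techniques[g]}
    coverage = Counter()
    for t in techniques:
        for ds in technique_ds[t]:
            coverage[ds] += 1
    return coverage.most_common()  # top entries are the log sources to onboard first


# A Sigma rule in its YAML structure, held as a dict so no YAML parser is needed.
# Constructed for this example; covers T1059.001 via the Process Creation source above.
SIGMA_RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": [" -enc ", " -EncodedCommand "],  # list = OR
        },
        "filter": {"ParentImage|endswith": "\\ccmexec.exe"},  # hypothetical known-good parent
        "condition": "selection and not filter",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
}


def _field_matches(event, key, expected):
    """Sigma field matching: 'Field|modifier', case-insensitive, list values OR-ed."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()
    for v in (expected if isinstance(expected, list) else [expected]):
        v = str(v).lower()
        if (modifier == "contains" and v in value) or \
           (modifier == "endswith" and value.endswith(v)) or \
           (modifier == "startswith" and value.startswith(v)) or \
           (modifier == "" and value == v):
            return True
    return False


def _selection_matches(event, selection):
    # Fields inside one map-style selection are AND-ed.
    return all(_field_matches(event, k, v) for k, v in selection.items())


def sigma_match(rule, event):
    """Evaluate conditions of the form 'X' or 'X and not Y' (the subset this toy supports)."""
    det = rule["detection"]
    tokens = det["condition"].split()
    result = _selection_matches(event, det[tokens[0]])
    if len(tokens) == 4 and tokens[1:3] == ["and", "not"]:
        result = result and not _selection_matches(event, det[tokens[3]])
    return result


# Constructed Sysmon Event ID 1 style process-creation events.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"Image": PS, "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},                       # malicious
    {"Image": PS, "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\explorer.exe"},                            # benign
    {"Image": PS, "CommandLine": "powershell.exe -EncodedCommand dwBoAG8AYQBtAGkA",
     "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"},                        # suppressed by filter
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami -enc",
     "ParentImage": "C:\\Windows\\explorer.exe"},                            # wrong image
]


def run_rule(rule, events):
    """Return the indexes of events that trigger the rule."""
    return [i for i, e in enumerate(events) if sigma_match(rule, e)]


if __name__ == "__main__":
    print(required_data_sources(["APT-A", "APT-B"]))
    print(run_rule(SIGMA_RULE, EVENTS))
```

The ranking step shows why Process Creation logging (Sysmon Event ID 1 or Windows Security Event ID 4688 with command-line auditing) tends to come first in such an exercise: it covers several techniques of every group at once. The Sigma rule then reuses exactly that source; the `filter` selection is the place where environment-specific exclusions go, rather than weakening the `selection` itself.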
Presenters:
- Patrick Bareiß, Splunk
Education:
2009 - 2013 B.Sc. Mechanical Engineering University Stuttgart
2013 - 2016 M.Sc. Mechanical Engineering Technical University Munich
2013 - 2019 B.Sc. Computer Science FernUniversität Hagen
Work Experience:
2016 - 2017: Field Application Engineer for Hardware Security at Infineon Technologies
2017 - 2018: Cyber Security Integrator at Airbus CyberSecurity
since 2018: Cyber Security Engineer at Airbus CyberSecurity
since October 2019: Senior Security Researcher, Splunk