Operationalizing the ATT&CK™ Framework

Presented at RVAsec 2019, May 23, 2019, 2 p.m. (50 minutes).

Atomic indicators of compromise used for cyber security quickly become stale and are often defeated by malicious actors. Behavior-based detection strategies focus on the series of actions taken during an intrusion and are more dynamic in defending against intrusions. In this talk, GE-CIRT discusses strategies to track and respond to threat actors by using frameworks like the Lockheed Martin Kill Chain and the MITRE ATT&CK framework with TIAMAT, GE's in-house developed end-to-end operational ATT&CK tool.

Presenters:

  • Conrad Layne - GE
    Conrad Layne has been a senior cyber intelligence analyst with General Electric since 2013. In this role, Conrad tracks more than 50 nation-state actors, their attacks, and TTPs, with efforts focused on cyber-attacks affecting industrial control systems. Conrad holds a Bachelor of Science degree in Digital Forensic Science from Defiance College and a Master's degree in Cyber Security Intelligence from Utica College.
