Operationalizing the ATT&CK™ Framework

Presented at RVAsec 2019, May 23, 2019, 2 p.m. (50 minutes)

Use of atomic indicators of compromise for cyber security, quickly become stale, and are often defeated by malicious actors.  Behavioral-based detection strategies focus on series of actions, during an intrusion, and are more dynamic in defending against intrusions.  In this talk, GE-CIRT discusses strategies to track, and respond to threat actors, by using frameworks like the Lockheed Martin Kill Chain and the MITRE ATT&CK framework with TIAMAT, GE's in-house developed end-to-end operational ATT&CK tool.

Presenters:

• Conrad Layne - GE
  Conrad Layne is a senior cyber intelligence analyst with General Electric since 2013. In this role, Conrad tracks more than 50 Nation-state actors, their attacks, and TTPs with efforts focused on cyber-attacks affecting industrial control systems. Conrad holds a Bachelor of Science Degree in Digital Forensic Science from Defiance College and a Masters Degree in Cyber Security Intelligence from Utica College.

Links:

• https://rvasec2019.sched.com/event/OCCD/operationalizing-the-attck-framework

Similar Presentations:

• BSidesLV 2019 / The SOC Counter ATT&CK
• BSidesDC 2019 / Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK
• Black Hat USA 2019 / MITRE ATT&CK: The Play at Home Edition