Discover Analytic Gaps with Unfetter

Presented at BSidesDC 2017, Oct. 7, 2017, 4:30 p.m. (50 minutes)

The MITRE ATT&CK™ framework provides network defenders with a novel way to characterize adversarial behaviors and a common reference point for evaluating gaps in system security posture. While this approach has inspired many, putting it into practice can be challenging and lead to custom implementations that are difficult to use. This creates an unfavorable situation for sharing insights and having an open dialogue on defensive tradecraft. Community models are meant to address these challenges, and we believe there is a better way. In this session, we will talk about an NSA-developed software project called Unfetter that aims to bring community threat models like ATT&CK™ to utility through open source software. Unfetter focuses on key relationships to help cyber security professionals discover gaps in their security posture, understand adversary tradecraft, and communicate defensive courses of action. We will discuss how we got started with a focus on analytics, where we are now with emphasis on security controls, and where we’re going next as we hope to engage and inspire the community to collaborate.

Presenters:

• Shaun McCullough - System Security Analyst at NSA Information Assurance
  Shaun McCullough graduated from Virginia Tech with a degree in Computer Engineering. He has worked for the federal government for 15 years in software development, IT operations, Red/Blue Teaming, and IT security research. His current focus is in expanding the uses for cyber threat intelligence. Mr. McCullough’s hobbies include wood working and being outdoors, but mostly he drives his 4 kids around.
• Matt Davis - System Security Analyst at NSA Information Assurance
  Matt Davis is an information security professional with over 12 year of experience in the federal government. His work includes teaching, research, vulnerability analysis, intrusion detection and incident response, and security consulting. He has a Computer Science degree from E. Stroudsburg University and a Masters in Information Assurance from Capitol College. At work, Matt has a passion for taking on big challenges and working with experts across the community to experiment with new and sometimes disruptive solutions. Outside work, he enjoys kayaking, traveling, and spending time with his family.

Links:

• https://bsidesdc2017.busyconf.com/schedule#activity_59316cfbcff23b425b000047
• https://www.youtube.com/watch?v=tDgFu42ZWdg

Similar Presentations:

• Objective by the Sea version 4.0 (2021) / Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
• BSidesLV 2019 / The SOC Counter ATT&CK
• BSidesDC 2019 / Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK