The SOC Counter ATT&CK

Presented at BSidesLV 2019, Aug. 7, 2019, 11:30 a.m. (25 minutes)

How to leverage the Mitre ATT&CK Framework to improve your organization security posture and bring your SOC/BlueTeam up to speed with the current Tactics, Techniques and Procedures (TTP) that modern Threat Actors uses. Our goal is to answer a few questions we often see or hear: "ATT&CK is nice and all, but how do I (we) get started?", "How can I (we) detect those TTP?", "Why use the ATT&CK Framework?"

Presenters:

• Mathieu Saulnier
  Mathieu Saulnier is a "Security Enthusiast" ©@h3xstream. He has held numerous positions as a consultant within several of Quebec's largest institutions. For the last 6 years he has been focused on putting in place a few SOC and has specialized in detection (Blue Team), content creation and mentorship. He currently holds the title of « Senior Security Architect » and acts as "Adversary Detection Team Lead" and "Threat Hunting Team Lead" for Bell Canada, one of Canada's largest carrier. In the last 12 months he gave talks at GoSec (Montreal), GeekFest (Toronto), BSidesCharm (Baltimore) and NorthSec (Montreal), he is also scheduled to speak at DerbyCon.

Similar Presentations:

• CHCon '20 (2020) / ATT&CK'ing it wrong - how to use ATT&CK effectively at an NZ scale
• BSidesDC 2019 / Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK
• Black Hat USA 2019 / MITRE ATT&CK: The Play at Home Edition