How The ATT&CK™ Framework Can Mature Your Threat Hunting Program


The truth about threat hunting is that it’s a process that matures with your security team.  The more you learn about the threat landscape, the more you can operationalize that knowledge.  Because of this, it is important to work within a framework that can help you track the growth of your team.

There are a variety of models that can be used to track the maturity of your security team.  In general, they range from a level 0 (relying on automated alerting, with little or no data collection) to a level 4 (operationalized processes with automated detection and a very high level of data collection).  

MITRE serves as one of the industry’s most comprehensive knowledge bases for adversary behavior, and has created an attack framework (ATT&CK™) that serves as a model for identifying/understanding adversary behavior and planning security improvements.  This framework can be used to help your security team move from one stage of maturity to the next.

Carbon Black is thrilled to be hosting a webinar with speakers from both Red Canary and MITRE.  This webinar will teach listeners how to use the MITRE ATT&CK framework to hunt for adversary tactics and techniques across the attack matrix, develop and test hypotheses against known techniques, obtain a broader set of evidence by hunting for adversarial techniques, and increase the efficacy of their threat hunting programs.

Speakers for the webinar include:

Phil Hagen, Sr. SANS instructor and DFIR Strategist at Red Canary.  Red Canary’s goal is to improve security for organizations of all sizes.  They defend hundreds of customers around the world, ranging from global Fortune 100s to 100-endpoint organizations. Their goal is to level the playing field by empowering every defender to win against rapidly evolving adversaries.

Rick McElroy, Security Strategist at Carbon Black. Carbon Black is a leading provider of next-generation endpoint security. Carbon Black solutions enable customers to defend against the most advanced cyber threats, including malware, ransomware, and non-malware attacks.  Deployed via the cloud, on premise, or as a managed service, customers use Carbon Black solutions to lock down critical systems, hunt threats, and replace legacy antivirus.

John Wunder, Principal Cybersecurity Engineer at MITRE.  MITRE is a not-for-profit organization that operates research and development centers sponsored by the federal government.  MITRE is dedicated to solving problems for a safer world. They work in the public interest to discover new possibilities, create unexpected opportunities, and lead by pioneering together for the public good to bring innovative ideas into existence.

Save Your Seat

The post How The ATT&CK™ Framework Can Mature Your Threat Hunting Program appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
