Assessment and Engineering

Video Activity

Time: 1 hour
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
>> Welcome to Module 3, Lesson 4, Assessment and Engineering. In this lesson, we'll explore how we can capture the results of threat emulation and other outputs to identify gaps in our defenses. We'll also build an appreciation of how measuring our defenses leads to making informed improvements.

The goal of this lesson is improvement. We can use ATT&CK to measure and track progress as we assess coverage, prioritize gaps, and tune our defenses. To highlight an example of this, let's look back at our analytic from lesson 2. As you recall, this analytic is targeting identifying adversaries dumping credentials via LSASS memory. We can have a red team emulate threats to see how this analytic compares to adversary behaviors. In this case, let's say the analytic got three procedures executed by the red team, but missed two. We now have a more informed understanding of how our defenses fare against real adversary behaviors.

In this case, it's just the LSASS memory sub-technique. But we have to remember, this is just a single sub-technique within a single technique, within a single tactic. Expanding this out to the full matrix, we can see we have a lot of work to do. But we can use inputs from our leadership as well as key stakeholders to identify what techniques are most critical to address, and translate that to adversary behaviors. We can also use similar inputs to determine what risk we must tolerate based on operational shortcomings and defensive limitations.

At the end of the day, we can repeat this process for each technique and sub-technique that we're interested in, to get a full view of where we stand and where we need to be. As you can see, this threat-driven engineering process is one piece or informed decision at a time. It's a cumulative process that never stops, as our threats will continue to tell us where we stand and where we need to be in the future.

With that, we've reached our knowledge check for lesson 4. Which of the following best completes the following sentence? Please pause the video, and take a second to select the correct answer before proceeding. In this case, the correct answer is B. Knowledge about our adversary's behaviors can inform us of prioritized and relevant opportunities for defensive improvements.

With that, we've reached the end of lesson 4. In summary, we can use our threat-focused knowledge and operations to measure our defensive posture. These constant measurements can identify where and how we need to make improvements.
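The lesson describes scoring an analytic against red-team procedures (three caught, two missed for the LSASS memory sub-technique), rolling that up across the matrix, and using stakeholder priority and accepted risk to decide what to engineer next. The script below is an added illustration of that bookkeeping; it is not part of the course or its materials. The emulation records, the priority table, the accepted-risk set and the procedure labels are all constructed for the example; the ATT&CK IDs T1003, T1003.001, T1003.002 and T1059.001 are real identifiers used only as grouping keys.

```python
"""Score red-team emulation results against detection analytics, ATT&CK-style.

Added illustration, not the course's own code: each emulated procedure is
recorded with the sub-technique it exercised and whether the analytic under
test fired. Coverage is rolled up sub-technique -> technique -> tactic, and
remaining gaps are ranked by stakeholder priority so the team knows what to
engineer next.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class EmulationResult:
    tactic: str         # ATT&CK tactic name
    technique: str      # parent technique ID, e.g. T1003
    sub_technique: str  # sub-technique ID, e.g. T1003.001
    procedure: str      # label for the red-team procedure that ran (constructed)
    detected: bool      # did the analytic under test fire?


# Constructed sample run: the LSASS memory analytic catches 3 of 5 procedures,
# as in the lesson; the other entries are made up to show the roll-up.
SAMPLE_RESULTS = [
    EmulationResult("Credential Access", "T1003", "T1003.001", "lsass-proc-1", True),
    EmulationResult("Credential Access", "T1003", "T1003.001", "lsass-proc-2", True),
    EmulationResult("Credential Access", "T1003", "T1003.001", "lsass-proc-3", True),
    EmulationResult("Credential Access", "T1003", "T1003.001", "lsass-proc-4", False),
    EmulationResult("Credential Access", "T1003", "T1003.001", "lsass-proc-5", False),
    EmulationResult("Credential Access", "T1003", "T1003.002", "sam-proc-1", False),
    EmulationResult("Execution", "T1059", "T1059.001", "powershell-proc-1", True),
]

# Stakeholder-assigned priority per technique (1 = most critical); constructed.
PRIORITY = {"T1003": 1, "T1059": 2}
# Sub-techniques where leadership has accepted the residual risk; constructed.
ACCEPTED_RISK = {"T1003.002"}


def coverage(results, key):
    """Return {group: (detected, total)} grouped by the given attribute name
    ("sub_technique", "technique" or "tactic")."""
    tally = defaultdict(lambda: [0, 0])
    for r in results:
        group = getattr(r, key)
        tally[group][1] += 1
        if r.detected:
            tally[group][0] += 1
    return {g: tuple(v) for g, v in tally.items()}


def coverage_ratio(results, key):
    """Fraction of emulated procedures detected, per group."""
    return {g: det / tot for g, (det, tot) in coverage(results, key).items()}


def prioritized_gaps(results, priority, accepted_risk):
    """List (sub_technique, missed, total) for sub-techniques with at least one
    missed procedure, ordered by stakeholder priority and then by number of
    misses, skipping sub-techniques whose residual risk has been accepted."""
    gaps = []
    for sub, (det, tot) in coverage(results, "sub_technique").items():
        if det < tot and sub not in accepted_risk:
            parent = sub.split(".")[0]
            gaps.append((priority.get(parent, 99), -(tot - det), sub, tot - det, tot))
    gaps.sort()
    return [(sub, missed, tot) for _, _, sub, missed, tot in gaps]


if __name__ == "__main__":
    for level in ("sub_technique", "technique", "tactic"):
        for group, (det, tot) in sorted(coverage(SAMPLE_RESULTS, level).items()):
            print(f"{level:14} {group:20} {det}/{tot} detected")
    print("Gaps to engineer next:",
          prioritized_gaps(SAMPLE_RESULTS, PRIORITY, ACCEPTED_RISK))
```

Re-running the script after each engineering change gives the repeatable measurement the lesson calls for: the per-level ratios show where the team stands, and the ranked gap list (with accepted-risk items filtered out) shows what to work on next.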