Common Language

Time: 1 hour
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
00:00
>> Welcome to Module 2, Lesson 2, Common Language.
00:00
In this lesson, we will appreciate
00:00
the common language created by ATT&CK,
00:00
and recognize how this common language can
00:00
help operational teams communicate and collaborate.
00:00
As security practitioners, we feel
00:00
the complexity of our craft every day,
00:00
as it requires many technologies,
00:00
processes, and people to work together.
00:00
Not to mention, we are flooded with information
00:00
that comes in at varying levels of detail and format.
00:00
But as we know, collaboration and
00:00
communication across all of these resources is key.
00:00
This is where the ATT&CK common language comes in.
00:00
ATT&CK creates a common language that is critical for
00:00
consistently and accurately sharing
00:00
ideas about adversary behaviors.
00:00
This language is abstracted to an operational level,
00:00
and has many practical use cases,
00:00
such as connecting adversary perspective
00:00
to what we're going to do about it,
00:00
in terms of defensive countermeasures.
00:00
To highlight an example of this,
00:00
let's walk through a notional
00:00
example from a security team.
00:00
In this case, an Intel analyst
00:00
notices a command line used by adversaries.
00:00
Red Team recognized that as Mimikatz syntax.
00:00
Finally, the defensive analyst can
00:00
write an analytic looking for those strings.
00:00
While this does yield benefit,
00:00
the lack of context and communicated
00:00
details may lead to an operational shortcoming.
00:00
In this case, looking
00:00
back to David Bianco's Pyramid of Pain,
00:00
strings are pretty low
00:00
in terms of cost back to the adversary.
00:00
Let's walk that same example
00:00
with the context provided by ATT&CK.
00:00
Each one of these ideas can be enhanced.
00:00
In this case, looking at that same command line
00:00
and recognizing this is very common across many groups.
00:00
The red team may also use ATT&CK to better
00:00
decompose the behavior that is executed by that command,
00:00
leading to a better analytic
00:00
that is actually targeting the behavior.
00:00
With that, we'll start the knowledge check for Lesson 2.
00:00
ATT&CK provides a language that can be used by.
00:00
Please pause the video and take a second to think
00:00
about the correct answer before proceeding.
00:00
In this case, the correct answer was E. ATT&CK provides
00:00
a language that can be used by
00:00
anyone involved in cybersecurity.
00:00
With that, we've reached the end of Lesson 2.
00:00
In summary, ATT&CK creates a language
00:00
for describing cyber adversary behaviors.
00:00
This language is abstracted to an operational level,
00:00
and can help connect
00:00
the adversary perspective of
00:00
ATT&CK to defensive countermeasures.