Community Perspective


Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
>> Welcome to Module 2. This module
00:00
is split into four lessons,
00:00
in which we'll explore the various benefits of using ATT&CK.
00:00
Specifically, we'll discuss
00:00
the diversity of information captured
00:00
within ATT&CK and how it also enables us in
00:00
a broad spectrum of
00:00
cybersecurity practices and operations.
00:00
We'll also explore how ATT&CK can be
00:00
used to quantify various cybersecurity metrics,
00:00
and how the common language created by ATT&CK can
00:00
help us efficiently communicate
00:00
about how certain behaviors.
00:00
Without further ado, let's dive in.
00:00
Welcome to Module 2,
00:00
Lesson 1: Community Perspective.
00:00
In this lesson, we will explore
00:00
the various sources of information that build
00:00
ATT&CK and appreciate how ATT&CK benefits
00:00
from this diversity of knowledge and perspectives.
00:00
As you recall from Module 1,
00:00
ATT&CK is built from
00:00
publicly available reporting and documentation,
00:00
as well as insights, feedback,
00:00
and contributions from the global community.
00:00
While the MITRE ATT&CK team does
00:00
curate and maintain this collective knowledge,
00:00
this dependence on publicly available reporting and
00:00
contributions makes ATT&CK very much a team effort.
00:00
To highlight this, let's
00:00
take a look at some content within ATT&CK.
00:00
In this case, we're looking at
00:00
the Turla group page and
00:00
the short description provided by the ATT&CK team.
00:00
All this description was drafted
00:00
and authored and published by the ATT&CK team.
00:00
It is based on publicly available reporting
00:00
that you yourself can go check out.
00:00
This also extends to various other objects
00:00
within ATT&CK, most importantly, procedures.
00:00
In this case, we can see the various techniques and
00:00
some techniques mapped to the Turla group are
00:00
all referenced back to publicly available
00:00
reporting that we can dive into for more details.
00:00
ATT&CK very much depends on and
00:00
appreciates all of the contributors.
00:00
You can go to individual pages
00:00
and check out the contributors.
00:00
But we also have a full listing on our contributors page.
00:00
As you can see, this list contains
00:00
a lot of key industry thought leaders and
00:00
organizations which really build
00:00
to the full power and perspective of ATT&CK.
00:00
This diverse perspective results in
00:00
a breadth of ideas and operational applications.
00:00
As we see, the adversary behaviors captured in ATT&CK
00:00
span a wide range of domains and ideas.
00:00
With that, we've reached our knowledge check for
00:00
Lesson 1. True or false.
00:00
MITRE collects proprietary, classified,
00:00
or otherwise sensitive data to
00:00
use as references within ATT&CK?
00:00
Please pause the video and take
00:00
a moment to think about
00:00
the correct answer before proceeding.
00:00
In this case, the answer is false.
00:00
As we said before, MITRE uses
00:00
publicly available cyber threat intelligence
00:00
that anyone can access as the references for ATT&CK.
00:00
With that, we've reached the end of Lesson 1.
00:00
In summary, ATT&CK is built from
00:00
publicly available cyber threat intelligence,
00:00
as well as insights and
00:00
citable contributions from the global community.
00:00
This results in a great benefit for ATT&CK as we capture
00:00
a wide perspective of
00:00
technology and operational use cases.