Mitigations


Time: 1 hour
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
00:00
>> Welcome to Module 1, Lesson 5, Mitigations. In this lesson, we will define and explore what an ATT&CK mitigation is, identify where to find these mitigations, and finally, build an appreciation for how these mitigations fit into the ATT&CK model.

As you recall from our last lesson, ATT&CK techniques and sub-techniques have a wealth of metadata. In this lesson, we're going to explore the mitigation section. ATT&CK defines mitigations as configurations, tools, or processes that we as defenders can use to prevent a technique from being successful or having the desired outcome for an adversary. You can think of these as hardening recommendations intended to allow us to take actions such as changing policies or configurations or deploying certain tools.

As we saw previously, mitigations are populated on technique pages, where you can see how these mitigations are directly applied to preventing a particular adversary behavior. These mitigations are listed in the section shown below, along with a short description of how each mitigation actually applies to the relevant adversary behavior. While we can see these mitigations from the perspective of the techniques and sub-techniques where they are applied, we can also click on each one of these mitigations and see a page specific to that mitigation. An example of that page is shown here, where you can see the name of the mitigation as well as the short description. Mitigations are also objects in the ATT&CK model, and they have their own associated IDs, as you see on the right. In this case, the mitigation is labeled M1042. Towards the bottom of these pages, you can also see how this mitigation is applied to various other techniques and sub-techniques.

With that, we've reached our knowledge check for this lesson. Which of the following is most accurate? Mitigations can help us... Please pause the video and take a second to think of the correct answer before proceeding. In this case, the correct answer was B: Mitigations can help us harden our network to prevent successful adversary behaviors.

In summary, ATT&CK mitigations are recommendations for how we can prevent successful execution of specific adversary behaviors. Finally, mitigations are mapped to specific techniques and sub-techniques and are displayed on those pages as well as on their own mitigation page.