ATT&CKing the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK

BSidesLV 2018

Presented by: Katie Nickels, John Wunder
Date: Tuesday August 07, 2018
Time: 11:30 - 12:25
Location: Breaking Ground

Whenever we discover another breach, adversaries give us a friendly reminder that the status quo in network defense isn’t good enough. Everyone’s telling us that we need to evolve our focus beyond indicators toward tactics, techniques, and procedures (TTPs), yet we struggle with how to do this. MITRE ATT&CK is the first public framework derived from real threats for describing detailed post-exploitation activities, and the community is increasingly adopting it to help move toward detecting TTPs. Members of the ATT&CK team will engage in a discussion with the community about how ATT&CK can help us all improve. We will suggest ideas for how analysts, defenders, engineers, and red teamers can use ATT&CK as a common language to help change your approach to defense by orienting towards the adversary. Based on our experiences, we will provide practical advice on how to apply ATT&CK to improve cyber threat intelligence and defenses by tracking adversaries and developing analytics to detect their behavior. Most importantly, we want to hear from the audience about how they are using ATT&CK and what could make it better.

Katie Nickels

As the Threat Intelligence Lead for the MITRE ATT&CK team, Katie focuses on applying cyber threat intelligence to ATT&CK and evangelizing how that helps analysts. She has worked in threat intelligence and network defense for nearly a decade, with much of that time spent helping Security Operations Centers navigate how to apply intel to defenses. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University’s School of Foreign Service. When she’s not losing her mind over group aliases, Katie enjoys deadlifting, baking cookies, and teaching teenage girls about cybersecurity.

John Wunder

John is a principal cybersecurity engineer at MITRE working on cyber threat intelligence and how to detect attacks using cybersecurity analytics. He supports MITRE’s work on ATT&CK, and is a co-chair of the STIX Subcommittee in the OASIS Cyber Threat Intelligence Technical Committee. He believes that cyber threat intelligence can improve security for everyone, and works across MITRE’s sponsors to make it easier, faster, and more effective. Besides all this cyber stuff, John likes to record music, try and fail to convince his dog to actually chase a ball, and go camping.
