Lessons Learned Applying ATT&CK-Based SOC Assessments | SANS Security Operations Summit 2019

Video: https://www.youtube.com/watch?v=lMh9E8l1-ks
Published: 2020-01-08
Duration: 37:30

The ATT&CK framework has seen a rise in popularity in the security community, and more and more Security Operations Centers (SOCs) want to put it to use. To help SOCs get started, MITRE has developed a process to quickly gauge a SOC's detection capabilities as they relate to ATT&CK, producing a technique-coverage heatmap together with a set of recommendations the SOC can use to improve its operations. The process is low-overhead: it relies only on interviews and documentation review, not on live testing, yet it gives useful results for SOCs that want to understand how their current capabilities stack up against ATT&CK. In this talk we draw on our practical experience to describe the key lessons learned from applying ATT&CK-based SOC assessments, ranging from the best ways to conduct the assessment to how to communicate results effectively to leadership. The lessons and tips are widely applicable, whether you are interested in conducting third-party assessments, want to assess your own SOC, or just want to learn about the assessment process. Attendees should walk away with a better understanding of how to run and use ATT&CK-based SOC assessments, including tips on avoiding traps and pitfalls in the process.
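As an added example (not code from the talk and not MITRE's assessment tooling), the following Python script shows the mechanics behind the coverage heatmap the abstract mentions: it takes the detections an assessor has reconstructed from interviews and documentation, maps each to ATT&CK technique IDs, rolls them up into a per-technique coverage level, and emits an ATT&CK Navigator layer so the result can be shown to leadership. The three-level NONE/SOME/GOOD scale, the per-analytic confidence weight, the sample analytics and data sources, and the version strings in the layer are all assumptions made for this example, not the scale, fields or rules the talk describes. It also models one practitioner caveat: an analytic that is documented but whose data source is not actually collected counts as no coverage.

```python
"""Roll an interview/documentation-based SOC assessment up into an ATT&CK
coverage heatmap and emit it as an ATT&CK Navigator layer.

Added example; not MITRE's tooling. The NONE/SOME/GOOD scale, the
'confidence' weight and the sample data are illustrative assumptions.
"""
import json
from collections import defaultdict

# Constructed sample input: what an assessor writes down after interviews and
# a review of SIEM rules, EDR analytics and playbooks. 'confidence' (0.0-1.0)
# is this example's assessor weight for how reliably the analytic fires.
ANALYTICS = [
    {"name": "PowerShell encoded command",     "techniques": ["T1059"],          "confidence": 0.9, "data_source": "process"},
    {"name": "LSASS handle access",             "techniques": ["T1003"],          "confidence": 0.8, "data_source": "process"},
    {"name": "Interactive logon from new host", "techniques": ["T1078"],          "confidence": 0.4, "data_source": "auth"},
    {"name": "Pass-the-hash heuristic",         "techniques": ["T1550"],          "confidence": 0.3, "data_source": "auth"},
    {"name": "Mail gateway attachment sandbox", "techniques": ["T1566"],          "confidence": 0.5, "data_source": "email"},
    {"name": "WMI remote process creation",     "techniques": ["T1047", "T1021"], "confidence": 0.6, "data_source": "process"},
]

# Data sources the SOC confirmed in interviews that it actually collects.
# 'email' is documented but not onboarded, so the sandbox analytic is not operational.
COLLECTED = {"process", "auth"}

# Techniques in scope for the assessment (e.g. from the SOC's threat model).
# T1486 has no analytic at all and must still show up on the heatmap as NONE.
SCOPE = ["T1059", "T1003", "T1078", "T1550", "T1566", "T1047", "T1021", "T1486"]

LEVEL_SCORE = {"NONE": 0, "SOME": 1, "GOOD": 2}
LEVEL_COLOR = {"NONE": "#ff6666", "SOME": "#ffe766", "GOOD": "#8ec843"}


def coverage_levels(analytics, collected, scope, some=0.3, good=0.8):
    """Return {technique_id: (level, score)} for every technique in scope.

    score = best confidence of any operational analytic for the technique;
    an analytic whose data source is not collected is ignored entirely.
    """
    best = defaultdict(float)
    for a in analytics:
        if a["data_source"] not in collected:
            continue  # documented on paper, not running in practice
        for t in a["techniques"]:
            best[t] = max(best[t], a["confidence"])
    levels = {}
    for t in scope:
        s = best.get(t, 0.0)
        level = "GOOD" if s >= good else "SOME" if s >= some else "NONE"
        levels[t] = (level, s)
    return levels


def summary(levels):
    """Counts per level, the one-line number leadership usually asks for."""
    counts = {"GOOD": 0, "SOME": 0, "NONE": 0}
    for level, _ in levels.values():
        counts[level] += 1
    return counts


def navigator_layer(levels, name="SOC assessment coverage"):
    """Build an ATT&CK Navigator layer dict (layer-format 4.x field names).

    The version strings are placeholders; set them to the Navigator and
    ATT&CK versions you are loading the layer into.
    """
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Coverage from an interview/documentation-based assessment",
        "techniques": [
            {"techniqueID": t, "score": LEVEL_SCORE[lvl], "color": LEVEL_COLOR[lvl],
             "comment": f"{lvl}: best operational analytic confidence {s:.1f}"}
            for t, (lvl, s) in sorted(levels.items())
        ],
        "gradient": {"colors": [LEVEL_COLOR["NONE"], LEVEL_COLOR["SOME"], LEVEL_COLOR["GOOD"]],
                     "minValue": 0, "maxValue": 2},
        "legendItems": [{"label": lvl, "color": c} for lvl, c in LEVEL_COLOR.items()],
    }


def navigator_layer_json(levels):
    return json.dumps(navigator_layer(levels), indent=2)


def recommendations(analytics, collected, levels):
    """Quick wins: documented analytics that would lift a non-GOOD technique
    if their data source were actually onboarded."""
    recs = []
    for a in analytics:
        if a["data_source"] in collected:
            continue
        gained = [t for t in a["techniques"] if levels.get(t, ("NONE", 0.0))[0] != "GOOD"]
        if gained:
            recs.append(f"Onboard '{a['data_source']}' data: enables '{a['name']}' "
                        f"covering {', '.join(gained)}")
    return recs


if __name__ == "__main__":
    lv = coverage_levels(ANALYTICS, COLLECTED, SCOPE)
    print(summary(lv))
    for r in recommendations(ANALYTICS, COLLECTED, lv):
        print("-", r)
    print(navigator_layer_json(lv))
```

Save the printed layer as a `.json` file and open it in ATT&CK Navigator to get the heatmap. Keeping the data-source check separate from the analytic inventory is deliberate: the gap between "what the documentation says we detect" and "what telemetry actually arrives" is exactly the kind of finding that interviews surface and that a recommendations list should lead with.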

Andy Applebaum (@andyplayse4), Lead Cyber Security Engineer, MITRE

View upcoming Summits: http://www.sans.org/u/DuS
