Prioritizing Defensive Capabilities

Channel:
United States SANS Cyber Defense
Subscribers:
23,600
Published on ● Video Link: https://www.youtube.com/watch?v=DDxgcA8caN8


Duration: 36:55
859 views
19

How can a security team prioritize what's important to safeguard their organization? Many teams simply want "maximum coverage of MITRE attack" in their defensive controls but this is infeasible for most organizations as the list of ATT&CK techniques continually grows. This talk introduces the Defensive Readiness Index which prioritizes skills and controls based on threats because not every organization needs to worry about every possible threat. It includes a framework for stratifying ATT&CK techniques based on level of effort to account for varying skill and effort level for each. From here, we can use the inferred relationships between ATT&CK and D3FEND techniques to create a set of focused defensive controls for different levels of attacker effort. Threat modeling with this approach becomes easier as we can make estimates based on broad level of effort and ROI for a given organization. We will walk through several examples of recent threats to see how they map into the framework as well as methods for continuous measurement since threat capabilities and defensive technology change day-to-day.

ABOUT THE SPEAKER
Ben Langrill has many years of experience across blue and red domain working for the US government, a fortune 100 security org, and cyber start up. He is experienced in building and testing software and security policies and dedicated to sharing this knowledge with the broadest audience possible.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
#BlueTeamSummit #BlueTeam #CyberDefense



Other Videos By SANS Cyber Defense


2023-01-17Packet Tuesday - IPv6 Router Advertisements
2023-01-11Network Monitoring Training with SEC503 Network Monitoring and Threat Detection In-Depth
2023-01-10Packet Tuesday - NTP
2023-01-03Packet Tuesday - IP Options
2022-12-20Packet Tuesday - TLS Server Hello
2022-12-13Packet Tuesday - FreeBSD Ping Vulnerability
2022-12-08Baby Steps to the Future: Evolving into the Next-Gen SOC
2022-12-07Don't Relay Me: Empirically Diagnose Privilege Escalation via Active Directory Account Sighting
2022-12-06Packet Tuesday - TLS Client Hello
2022-12-05IR Prep and Detection Engineering When the Cloud is Your Data Center
2022-12-02Prioritizing Defensive Capabilities
2022-12-01Once Upon a Login: How Logon Sessions Help Defenders See the Bigger Picture
2022-11-30Designing Security from the Ground Up
2022-11-29Packet Tuesday - TCP Urgent Flag
2022-11-28A Deep Dive into AWS IAM Privilege Escalation Attacks: Defenders’ Edition 2022
2022-11-23Responding to Advanced Adversaries
2022-11-22Packet Tuesday - EDNS Option Type 0
2022-11-21Enabling Defenders to Conduct Incident Response Investigations with Open-Source Tools
2022-11-18Dispatch from the SOC
2022-11-17From IT to Blue Team - Your Time is Now!
2022-11-16Confidence in Chaos: Strategies for World-Class Security Operations


Tags:
cyber defense
cyber defenders
blue team summit
sans blue team summit
MITRE ATT&CK
MITRE D3FEND
blue team cyber security
ben langrill
ben langrill cyber security
threat capabilities
defensive readiness index