Alexia Crumpton: MITRE ATT&CK for Defenders | 33

Blueprint • 2022-08-16

One of the best frameworks to emerge in the last five or so years is undoubtedly the MITRE ATT&CK® framework. Many of us know it in passing and even reference it from time to time, but very few people seem to know the true depth of knowledge it contains: everything from analytics to threat groups, specific mitigation and detection opportunities, and, in the newest versions, even specific data sources. In this episode we talk to Lex Crumpton, the Defensive Lead for ATT&CK at MITRE, about what every blue team member needs to know about this framework, and more!

Alexia Crumpton

Alexia Crumpton is a Defensive Cyber Operations Researcher with over seven years of experience in software development, SOCs, and malware reverse engineering. Her passion lies in heuristic behavior analysis of adversary TTPs and the countermeasures used to defend against them.

Follow Alexia

LinkedIn: https://www.linkedin.com/in/al...

Resources mentioned in this episode:

CAR - The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.

Top ATT&CK Techniques – Medium Blog, GitHub, Calculator

Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques. Our open methodology considers technique prevalence, common attack choke points, and actionability to enable defenders to focus on the ATT&CK techniques that are most relevant to their organization.

Other MITRE Projects: MITRE empowers the cyber community with the knowledge, training, and expertise to implement an effective threat-informed defense strategy (e.g. ATT&CK, Caldera, Engage, D3FEND, the 11 Strategies SOC book, CVE/CWE/CAPEC, CTID, MAD, and ATT&CK Evaluations). With these frameworks, MITRE arms the worldwide community of cyber defenders, giving them vital information to thwart network intruders, build resiliency against future attacks, and develop assurance to overcome possible vulnerabilities.

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to give attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands-on with tools for threat intel, SIEM, incident management, automation, and much more. This course has everything you need to launch your blue team career.

Check out the details at sansurl.com/450! Hope to see you in class!
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn