Reading Room

Analyst Papers

Featuring 430 Papers as of August 6, 2020

To download the Analyst Papers, you must be a member of the SANS.org Community. Upon joining the community, you will have unlimited access to Analyst Papers and all associated webcasts, including the ondemand version where you can download the slides.

• Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework by John Hubbard - July 17, 2020 

  • Associated Webcasts: Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework: A SANS Panel Discussion Understanding and Leveraging the MITRE ATT&CK Framework: A SANS Roundtable
  • Sponsored By: Cisco Systems Inc. LogRhythm Anomali Reversing Labs ThreatQuotient Swimlane Awake Security ExtraHop

  Through the ATT&CK framework, MITRE has generated a gold mine of information about the most important tactics and techniques used by attackers and how the blue team can detect and prevent these actions. Blocking atomic attack indicators such as domain names and IP addresses might work in the short term, but understanding the higher-level tactics in ATT&CK helps the blue team identify and anticipate attacker activity at a higher level of abstraction. In this white paper, SANS author and dedicated blue team member John Hubbard explores how ATT&CK slows attackers down and gives defenders a fighting chance.

  •  Overview
• View All Analyst Papers

• ---

SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.