SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThrough the ATT&CK framework, MITRE has generated a gold mine of information about the most important tactics and techniques used by attackers and how the blue team can detect and prevent these actions. Blocking atomic attack indicators such as domain names and IP addresses might work in the short term, but understanding the higher-level tactics in ATT&CK helps the blue team identify and anticipate attacker activity at a higher level of abstraction. In this white paper, SANS author and dedicated blue team member John Hubbard explores how ATT&CK slows attackers down and gives defenders a fighting chance.
John redefined modern SOC operations by engineering globally adopted blue team strategies and co-creating the GSOC cert. Through the Blueprint podcast and SANS leadership, he’s unified thousands of defenders around real-world detection tactics.
Read more about John Hubbard