Cyber Solutions Fest: Level MITRE ATT&CK® Framework

  • Webcast Scheduled to Air Friday, 22 Oct 2021 8:30AM EST (22 Oct 2021 12:30 UTC)
  • Speaker: Chloé Messdaghi

You are entering Level MITRE ATT&CK® at the SANS Cyber Solutions Fest 2021. 

This full-day session will be led by Chloé Messdaghi and a lineup of top industry experts. Discover how you can empower security by using MITRE ATT&CK, how to have a resilient security team by mapping security control gap analysis with the framework, lessons learned while utilizing the framework, new aspects to the framework, and the latest developments for applying the framework to the cloud.

Day 2 Keynote: Diversify and Conquer with Diana Kelley will be presented on this level.



Accurics_Logo_Transparent.pngAnomali_Logo_FullColor_RGB_2021_(002).pngHunters_Logo_Blue_PMS.pngMorphisec.jpgopentext-logo.pngPentera LogoNEW_LOGO_Sysdig.pnguptycs_logo_500_cmyk_highres.jpg

Agenda | 8:30 AM - 5:00 PM ET

Featured Presentations

Shifting ATT&CK Left to Enable Automated, Risk-Based Security Controls in Development

ATT&CK is most commonly used in runtime to identify and counter adversary actions, but did you know that it can also be used in development to manage risk even before insecure apps are deployed? This session explores an approach that leverages ATT&CK in development to establish automated guardrails in DevOps pipelines to identify risks such as policy violations and breach paths early, assess the risk and impact of exploit, prevent deployment of risks that exceed a threshold of risk defined by the security team, and provide development teams with a risk-based, prioritized list of necessary remediations. This will drive better security outcomes by enabling security teams to recognize the highest-risk findings and effectively communicate with development and operational teams.

Neutralizing breach paths early with Infrastructure as Code and ATT&CK

Threat modeling is a critical security activity that too often relies on manual interviews, assessments, and enforcement. With DevOps accelerating delivery of software, how can security teams effectively manage risk if they rely on manual processes? Do the same approaches that accelerate development also present opportunities to improve the scalability and efficiency of security? 

This session demonstrates how security teams can leverage open source tools, Infrastructure as Code, and the MITRE ATT&CK framework, to build accurate threat models early in the development process, identify breach paths, and implement security controls to neutralize breaches before the app is ever deployed.

Predicting the Next Attack: The Power of Cyber Threat Intelligence Together with MITRE ATT&CK

How TTPs help connect the dots between a sea of IoCs and the adversary groups behind them.

MITRE ATT&CK has practical and strategic applications across various security functions when security tooling and processes are mapped to the framework. Visualizing threats through the MITRE ATT&CK framework makes it easier for security practitioners to determine and communicate the highest priority threats they face and optimize actions to mitigate them. Gain a strategic advantage through key programmatic benefits of MITRE ATT&CK and combine tools for a more secure environment.

Actor-Based Gap Analysis and the MITRE ATT&CK Framework

One of the challenges with threat intelligence involves the lack of attribution and relevancy when compared to one’s environment. For example, it might be hard to synthesize the qualitative and quantitative threat intelligence being curated in context when reading an article or incident report. Even harder is trying to apply the intelligence to the MITRE ATT&CK Framework to determine whether the contents of the article represent an area in your security posture that is covered or needs to be addressed. This gap analysis is necessary for continuous reevaluation of your overall security posture, which provides for the perceivably unattainable “strategic intelligence” component of your CTI program. Join us for a walkthrough as we answer the question: Can we determine gaps in our security posture by evaluating the techniques a specific threat actor uses against us?

Scaling TTP-Based Detections to the Enterprise

TTP-based detections, such as expressed by the MITRE ATT&CK framework and leveraged by most Endpoint Detection & Response (EDR) solutions, have several advantages over yesterday’s IoC-based approach. However, many implementations suffer due to an overreliance on mass-collections being required before data interrogation. This disconnect between where the data lives, and where detections are conducted present other challenges and limitations as well.

In this session, we will discuss:

  • Implementing a distributed endpoint detection & response architecture
  • TTP-driven threat hunting, digital forensics, and incident response (DFIR)
  • Accounting for different threat models, network challenges, and novel attack methods
Avoid Excessive IAM Permissions in the Cloud

Misconfigurations in IAM permissions in the cloud are by far the most used vector by attackers to compromise and expand their control over a hacked account. The cloud vendors offer hundreds of cloud IAM permissions to customers to fine-grain their access to the environment. However, do we have all the permissions granted updated and under control? Are we sure we are applying the least privileges principle to save us from potential compromise? Visibility across all permissions granted in our cloud environment is fundamental to be aware of what is in place and respond to over-privileged access.

In this session, we will:

  • Explain the potential TTP using the MITRE ATT&CK Framework
  • Present a few real attack scenarios using IAM permission misconfigurations in cloud environments
  • Discover how to get visibility and quickly respond to misconfigurations in your environment
Closing threat detection gaps with Open XDR

Early and accurate detection of threats is still a challenge for security teams: hindered by an unfavorable Signal-to-Noise ratio, false positive alerts and lack of visibility, attacks are still being missed. Using multiple security domains, such as Endpoint, Cloud, and Identity also requires having in-house expertise in order to facilitate both domain-specific detection and complex, cross-domain attack detection, thereby avoiding detection-silos.

When trying to understand the nature and extent of attacks, the MITRE ATT&CK framework provides an abstraction layer that acts as a common language in the security community, unlike, for instance, the ambiguity of APT names coined by various vendors. Used correctly, the MITRE ATT&CK framework is an excellent baseline for early threat detection and response, as well as community-wide collaboration.

Join this session to learn:

  • How to close detection gaps with mapping techniques to the MITRE ATT&CK framework, including low visibility surfaces like Cloud platforms
  • How an Open XDR solution can enable organizations to detect entire attack kill chains in a timely manner
  • Attack chains and their progression in time represented by groups and sub-groups of ATT&CK techniques

Keynote: Diversify and Conquer

Turn diversity into power.

Joined by Nicola Whiting, Alyssa Miller, Natasha Barnes, and Seema Kathuria, Diana Kelley will lead this enlightening panel discussion and share how organizations can thrive with a powerfully diverse workforce.

Attend this engaging and thought-leading keynote by registering for a level on day 2 of SANS Cyber Solutions Fest 2021.

Level MITRE ATT&ACK® Framework with Chloé Messdaghi

Chloé Messdaghi will be leading Level MITRE ATT&ACK® this October! See what you can expect from attending this track.

Cybersecurity Solutions for Today's Challenges

The 2nd annual SANS Cyber Solutions Fest aims to connect cybersecurity professionals of all levels with the latest solutions, tools, and techniques to combat today's cybersecurity threats.

  • Featuring 4 unique levels: Threat Hunting & Intel, SOC & SOAR, MITRE ATT&ACK®, and Cloud Security
  • Network in real-time with over 30 sponsors and learn from top industry experts
  • Join interactive panel discussions, discover job opportunities, compete in games for multiple prizes, and more