Agenda | 8:30 AM - 5:00 PM ET
Shifting ATT&CK Left to Enable Automated, Risk-Based Security Controls in Development
ATT&CK is most commonly used at runtime to identify and counter adversary actions, but did you know that it can also be used in development to manage risk even before insecure apps are deployed? This session explores an approach that leverages ATT&CK in development to establish automated guardrails in DevOps pipelines: identify risks such as policy violations and breach paths early, assess the risk and impact of exploitation, prevent deployment of findings that exceed a risk threshold defined by the security team, and provide development teams with a risk-based, prioritized list of necessary remediations. This drives better security outcomes by enabling security teams to recognize the highest-risk findings and communicate them effectively to development and operations teams.
Neutralizing breach paths early with Infrastructure as Code and ATT&CK
Threat modeling is a critical security activity that too often relies on manual interviews, assessments, and enforcement. With DevOps accelerating delivery of software, how can security teams effectively manage risk if they rely on manual processes? Do the same approaches that accelerate development also present opportunities to improve the scalability and efficiency of security?
This session demonstrates how security teams can leverage open source tools, Infrastructure as Code, and the MITRE ATT&CK framework, to build accurate threat models early in the development process, identify breach paths, and implement security controls to neutralize breaches before the app is ever deployed.
Predicting the Next Attack: The Power of Cyber Threat Intelligence Together with MITRE ATT&CK
How TTPs help connect the dots between a sea of IoCs and the adversary groups behind them.
Actor-Based Gap Analysis and the MITRE ATT&CK Framework
One of the challenges with threat intelligence is the lack of attribution and relevance to one's own environment. For example, it can be hard to synthesize the qualitative and quantitative threat intelligence being curated in context when reading an article or incident report. Harder still is mapping that intelligence onto the MITRE ATT&CK Framework to determine whether the contents of the article describe an area of your security posture that is already covered or one that needs to be addressed. This gap analysis is necessary for continuous re-evaluation of your overall security posture, and it provides the often seemingly unattainable "strategic intelligence" component of your CTI program. Join us for a walkthrough as we answer the question: Can we determine gaps in our security posture by evaluating the techniques a specific threat actor uses against us?
Scaling TTP-Based Detections to the Enterprise
TTP-based detections, such as those expressed in the MITRE ATT&CK framework and leveraged by most Endpoint Detection & Response (EDR) solutions, have several advantages over yesterday's IoC-based approach. However, many implementations suffer from an over-reliance on mass collection of data before that data can be interrogated. This disconnect between where the data lives and where detections are performed presents other challenges and limitations as well.
In this session, we will discuss:
Avoid Excessive IAM Permissions in the Cloud
Misconfigured IAM permissions in the cloud are by far the vector attackers most commonly use to compromise an account and expand their control over it. Cloud vendors offer customers hundreds of IAM permissions for fine-grained control of access to the environment. However, do we have every granted permission up to date and under control? Are we sure we are applying the principle of least privilege to protect ourselves from potential compromise? Visibility across all permissions granted in our cloud environment is fundamental to knowing what is in place and responding to over-privileged access.
In this session, we will:
Closing threat detection gaps with Open XDR
Early and accurate detection of threats is still a challenge for security teams: hindered by an unfavorable signal-to-noise ratio, false-positive alerts, and a lack of visibility, attacks are still being missed. Working across multiple security domains, such as endpoint, cloud, and identity, also requires in-house expertise to support both domain-specific detection and complex, cross-domain attack detection, thereby avoiding detection silos.
When trying to understand the nature and extent of attacks, the MITRE ATT&CK framework provides an abstraction layer that acts as a common language in the security community, unlike, for instance, the ambiguous APT names coined by various vendors. Used correctly, the MITRE ATT&CK framework is an excellent baseline for early threat detection and response, as well as for community-wide collaboration.
Join this session to learn:
Keynote: Diversify and Conquer
Turn diversity into power.
Joined by Nicola Whiting, Alyssa Miller, Natasha Barnes, and Seema Kathuria, Diana Kelley will lead this enlightening panel discussion and share how organizations can thrive with a powerfully diverse workforce.
Attend this engaging and thought-leading keynote by registering for a level on day 2 of SANS Cyber Solutions Fest 2021.
Level MITRE ATT&CK® Framework with Chloé Messdaghi
Chloé Messdaghi will be leading Level MITRE ATT&CK® this October! See what you can expect from attending this track.
Cybersecurity Solutions for Today's Challenges
The 2nd annual SANS Cyber Solutions Fest aims to connect cybersecurity professionals of all levels with the latest solutions, tools, and techniques to combat today's cybersecurity threats.
- Featuring 4 unique levels: Threat Hunting & Intel, SOC & SOAR, MITRE ATT&CK®, and Cloud Security
- Network in real-time with over 30 sponsors and learn from top industry experts
- Join interactive panel discussions, discover job opportunities, compete in games for multiple prizes, and more