Foiling Modern Attacks: Map MITRE ATT&CK Tactics to Falco Rules

With more and more companies moving their applications and infrastructure to the cloud, the potential attack surface has expanded dramatically. Attackers know they have a window of opportunity and have become savvier at carrying out advanced cloud and container attacks. Within seconds of entering your cloud environment, they can begin conducting cryptomining, supply chain attacks, and other forms of advanced attacks. Without the ability to detect and respond to these attacks in real time, it’s almost impossible to stop them from causing significant damage.

The MITRE ATT&CK framework tests an organization’s readiness to detect and prevent the tactics and techniques associated with today’s cloud and container threat actors. In this panel with a SANS Analyst, we will discuss how your organization can navigate the complexity of the MITRE ATT&CK framework:

• How to interpret the results across Protection, Detection and Response (PDR).

• The difference between Technique, Tactic, and Telemetry detections (the 3 T’s).

• How to map open-source Falco rules to the MITRE ATT&CK framework to help stop breaches and advanced attacks.