How To Increase MITRE ATT&CK Coverage with Network Traffic Analysis

  • Thursday, June 20th, 2019 at 3:30 PM EDT (19:30:00 UTC)
  • John Smith and Chris Crowley
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Sponsor

  • ExtraHop

Overview

The MITRE ATT&CK Framework is a useful tool for SecOps teams trying to understand their security posture against common adversary tactics, techniques, and procedures (TTPs). In this presentation you'll learn how to take your ATT&CK understanding and coverage to the next level with network traffic analysis. You'll also learn:

  • Key tips for understanding the MITRE ATT&CK Framework and how to use it as a tool to improve your security posture.
  • What the framework is optimized for, and where it has room to grow.
  • Which security tools and data sources you'll need to achieve the best coverage against TTPs in all 12 categories of the MITRE ATT&CK Framework.

Speaker Bios

Chris Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.

Mr. Crowley is the course author for SANS Management 535 - Incident Response Team Management and holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GREM, GMOB, and CISSP certifications. His teaching experience includes SEC401, SEC503, SEC504, SEC560, SEC575, SEC580, FOR585, and MGT535; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ." - William Jeskey, Tarrant County College
"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous


John Smith

John Smith is a Principal Engineer at ExtraHop. John has over two decades of experience as a Sr. Architect in IT organizations, and is a regular speaker at technology events including BriForum, RSAC, and Citrix Synergy, among others.
