Using MITRE ATT&CK 2020 Evaluation Data to Show How An Advanced Endpoint Detection/Response Product Mitigated APT29

  • Tuesday, 25 Aug 2020 9:00PM EDT (26 Aug 2020 01:00 UTC)
  • Speakers: John Pescatore, Jared Phipps

SANS surveys have shown SOC managers and analysts have rapidly adopted the MITRE ATT&CK Framework for a variety of uses. MITRE has expanded their support for the framework to include independent evaluations of vendor product performance against specific threats. Recently, MITRE released the 2020 ATT&CK evaluation results, focusing on the performance of products against APT29, the notorious actor which evaded the DNC. The evaluation shows us that many of today's EDR tools fail to cope with advanced techniques.

At this webinar, SANS Director of Emerging Security Trends will provide an overview of the emerging uses of the MITRE ATT&CK framework and data from recent SANS Surveys. Jared Phipps of SentinelOne will drill down into the MITRE evaluation against APT29, explaining how MITRE performed the tests and providing a security analyst-oriented view of how SentinelOne's product performed and how it would be used to more quickly detect and respond to advanced targeted attacks in general.

In the webinar, we'll present:

  • Why MITRE ATT&CK matters and how it can help you save cost/time
  • What's the difference between good and great EDR
  • What can we learn from APT29 - operationalize the lessons from MITRE ATT&CK