There's a disconnect between best-practice frameworks and real-life nitty-gritty. While many frameworks broadly approach the overarching principles that a robust security program should encompass, the MITRE ATT&CK framework takes it a step further by connecting the dots to detail specifically what kind of attacker behavior a defender should anticipate, and how an attacker would work to thwart those vaunted best practices.
Using osquery, an open-source universal endpoint agent that makes our macOS, Linux, Docker, and Windows environments queryable with SQL, we can begin to harden our defenses by writing and deploying queries that identify the known behaviors outlined in the twelve attack technique categories mapped by the MITRE ATT&CK matrix.
Incident Response professionals should attend this webinar to: