$400 Amazon Gift Card with OnDemand Training through March 10 - Learn More!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Simplifying Response with the Mitre ATT&CK Framework

  • Wednesday, December 4th, 2019 at 3:30 PM EST (8:30PM GMT) Wednesday, December 04, 2019 at 3:30 PM EST (2019-12-04 20:30:00 UTC)
  • Justin Henderson, Anthony Di Bello, JJ Cranford


  • OpenText Inc.

You can now attend the webcast using your mobile device!



In the modern threat landscape, cybersecurity leaders are looking for any advantage to overcome the barrage of security events and the lack of resources to address those threats. Mitre ATT&CK is a knowledge base of digital adversary tools, tactics and procedures based on observations and encounters from practitioners in the field. 

This framework is quickly becoming the language of EDR and serves as a common nomenclature to swiftly and accurately provide attack information to security responders. Adoption of Mitre ATT&CK will help security teams operate more efficiently and have streamlined access to attack insights and data.

Join this session to learn:

  • How to use the framework for success against advanced and targeted cyber attacks
  • How modern threats make visibility into attacker TTPs essential
  • The importance of using Mitre ATT&CK to create more resilience in security operations and infrastructure
  • The value of threat context to comprehensively respond and address all aspects of a threat

Speaker Bios

Justin Henderson

Justin Henderson is a certified SANS instructor who authored the SEC555 SIEM with Tactical Analytics course and co-authored SEC455 SIEM Design and Implementation and SEC530 Defensible Security Architecture and Engineering. He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.

Anthony Di Bello

A 14-year veteran of the cybersecurity and digital forensic incident response sector, Anthony Di Bello serves as Vice President Strategic Development for OpenText where he leads strategic planning and direction for security, legal, and AI solutions. Anthony joined OpenText with the acquisition of Guidance software where he spent the previous 12 years, including the last several as Sr. Director of Products responsible for the voice of the customer, product roadmaps and go-to-market strategy across Guidance Software forensic security, data risk management and digital investigations products. Previously at Guidance, Anthony was Director of Strategic Partnerships responsible for building and delivering end-to-end solutions around the Guidance product portfolio through partnerships and integrations with adjacent technologies such as Blue Coat, ArcSight, HP and FireEye. Before moving to Guidance, Mr. Di Bello spent seven years with Willis Towers Watson, a global professional service firm specializing in risk and financial management.

JJ Cranford

JJ Cranford is a Senior Product Marketing Manager at OpenText responsible for the EnCase™ Security suite of products. JJ joined OpenText with the acquisition of Guidance Software where he was responsible for the go-to-market strategy for EnCase Endpoint Security, Risk Manager, and eDiscovery products.  He provides insight into market trends, industry challenges, and solutions in the areas of incident response, endpoint security, risk management, and compliance to G2000 enterprise clients.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.