Home  >  ASQ Washington, DC &...  >  Events  >  Events & Networking  >  Event Archives  >  Software Special Interest...     Printable Version Tell a friend

Software Special Interest Group  

Where
MITRE Corporation
7515 Colshire Drive,
Building 2
McLean, Virginia

When
Oct 25, 2016    5:30 pm - 8:00 pm (GMT -5:00) EST

Understanding Cyber Adversaries with 

ATT&CK – The Post-Exploit Threat Model

Presented by Dr. Andy Applebaum, Senior Cyber Security Engineer, MITRE

Tuesday, October 25, 2016

5:30 – 6:30 PM – Networking & Open House

6:30 – 7:30 PM - Program

7:30 – 7:45 PM – Announcements

There is no cost to attend at McLean or Silver Spring

 

Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Using ATT&CK, security personnel can better understand and prepare for what adversaries are doing after they breach a network’s defenses, benefitting business owners and network managers in the process.

 

In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK, and outlining lessons learned using the model, including data-based takeaways from ATT&CK and potential use cases. Topics covered will include using ATT&CK for red teaming, defensive gap analysis, threat reporting with ATT&CK, and information sharing.

 

Dr. Andy Applebaum is a Senior Cyber Security Engineer at The MITRE Corporation, where he works on internal and sponsor-facing projects. His current research areas include offensive and defensive security automation, applying formal methods to threat modeling, and reasoning under uncertainty. He obtained his Ph.D. in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security, including firewall configuration management, secure network administration, and alert correlation. He has a B.A. in computer science from Grinnell College.

 October Flyer here.

Locations and Registration

 The presenters will be at MITRE’s MITRE-2 location with presentation video/teleconferenced to the following locations:

  

MITRE Corporation

MITRE-2 Building, Room 1N100

7515 Colshire Drive, McLean, VA 22102

 

Host: Hung Ngo, Phone: 571-765-3333

MITRE Corporation

Room 2503

260 Industrial Way West

Eatontown, NJ 07724

 Host: Aaron Dagen, Desk: 732-578-6301


Join online meeting: https://asq509.webex.com/asq509/j.php?MTID=mbe1b51c2d4c0cc7126819b7acedf6218

Meeting number:

805 274 863

Meeting password:

g3c27D2b

Join by Phone:

1-650-479-3208 Call-in toll number (US/Canada)

Access Code:  805 274 863


Registration Webpage: http://www.asq509.org/ht/d/DoSurvey/i/117448

You must register by noon on Monday, October 24th.  If you cannot attend at any location, select telephone dial-in when you register.

 

Non-US Citizens:   the FDA site (Silver Spring) cannot host non-citizen visitors.  For the MITRE site, if not a US citizen, please provide your title, country of citizenship, employer, and address when registering.  Please register at least 2 business days before the meeting to allow for processing.