Home > ASQ Washington, DC &... > Events > Software Special Interest... Printable Version Tell a friend
Software Special Interest Group
7515 Colshire Drive,
Oct 25 5:30 pm - 8:00 pm (GMT -5:00) EST
Understanding Cyber Adversaries with
ATT&CK – The Post-Exploit Threat Model
Presented by Dr. Andy Applebaum, Senior Cyber Security Engineer, MITRE
Tuesday, October 25, 2016
5:30 – 6:30 PM – Networking & Open House
6:30 – 7:30 PM - Program
7:30 – 7:45 PM – Announcements
There is no cost to attend at McLean or Silver Spring
Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Using ATT&CK, security personnel can better understand and prepare for what adversaries are doing after they breach a network’s defenses, benefitting business owners and network managers in the process.
In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK, and outlining lessons learned using the model, including data-based takeaways from ATT&CK and potential use cases. Topics covered will include using ATT&CK for red teaming, defensive gap analysis, threat reporting with ATT&CK, and information sharing.
Dr. Andy Applebaum is a Senior Cyber Security Engineer at The MITRE Corporation, where he works on internal and sponsor-facing projects. His current research areas include offensive and defensive security automation, applying formal methods to threat modeling, and reasoning under uncertainty. He obtained his Ph.D. in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security, including firewall configuration management, secure network administration, and alert correlation. He has a B.A. in computer science from Grinnell College.
October Flyer here.
Locations and Registration
The presenters will be at MITRE’s MITRE-2 location with presentation video/teleconferenced to the following locations:
MITRE-2 Building, Room 1N100
7515 Colshire Drive, McLean, VA 22102
Host: Hung Ngo, Phone: 571-765-3333
260 Industrial Way West
Eatontown, NJ 07724
Host: Aaron Dagen, Desk: 732-578-6301
Join online meeting: https://asq509.webex.com/asq509/j.php?MTID=mbe1b51c2d4c0cc7126819b7acedf6218
Join by Phone:
Call-in toll number (US/Canada)
Access Code: 805 274 863
You must register by noon on Monday, October 24th. If you cannot attend at any location, select telephone dial-in when you register.
Non-US Citizens: the FDA site (Silver Spring) cannot host non-citizen visitors. For the MITRE site, if not a US citizen, please provide your title, country of citizenship, employer, and address when registering. Please register at least 2 business days before the meeting to allow for processing.