Software Special Interest Group  

Understanding Cyber Adversaries with 

ATT&CK � The Post-Exploit Threat Model

Presented by Dr. Andy Applebaum, Senior Cyber Security Engineer, MITRE

Tuesday, October 25, 2016

5:30 � 6:30 PM � Networking & Open House

6:30 � 7:30 PM - Program

7:30 � 7:45 PM � Announcements

There is no cost to attend at McLean or Silver Spring

 

Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Using ATT&CK, security personnel can better understand and prepare for what adversaries are doing after they breach a network�s defenses, benefitting business owners and network managers in the process.

 

In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK, and outlining lessons learned using the model, including data-based takeaways from ATT&CK and potential use cases. Topics covered will include using ATT&CK for red teaming, defensive gap analysis, threat reporting with ATT&CK, and information sharing.

 

Dr. Andy Applebaum is a Senior Cyber Security Engineer at The MITRE Corporation, where he works on internal and sponsor-facing projects. His current research areas include offensive and defensive security automation, applying formal methods to threat modeling, and reasoning under uncertainty. He obtained his Ph.D. in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security, including firewall configuration management, secure network administration, and alert correlation. He has a B.A. in computer science from Grinnell College.

 October Flyer here.

Locations and Registration

 The presenters will be at MITRE�s MITRE-2 location with presentation video/teleconferenced to the following locations:

  

MITRE Corporation MITRE-2 Building, Room 1N100 7515 Colshire Drive, McLean, VA 22102   Host: Hung Ngo, Phone: 571-765-3333

MITRE Corporation Room 2503 260 Industrial Way West Eatontown, NJ 07724  Host: Aaron Dagen, Desk: 732-578-6301

Join online meeting: https://asq509.webex.com/asq509/j.php?MTID=mbe1b51c2d4c0cc7126819b7acedf6218 Meeting number: 805 274 863 Meeting password: g3c27D2b
Join by Phone:  Call-in toll number (US/Canada)	Access Code:  805 274 863