Lunch and Learn : BlueCat

MITRE's ATT&CK framework – and how to use it in your organization

Learn how you can use Mitre's ATT&CK framework to do gap analysis on your environment, what you should and shouldn't ask vendors about it, and how it differs from other enumerations like CVE and CWE.

CVE will be 25 years old next year – but that doesn't mean Cybersecurity has been “solved”. As we add tools to our environment to improve visibility and detection, and hold our vendors accountable for vulnerabilities and weaknesses, we still face the challenge of developing our staff so they can improve their skills and recognize risks.

Mitre has built a framework called ATT&CK, which can help organize the many tactics and techniques attackers try to use against us. By enumerating and organizing these, Mitre has built an encyclopedia of threats and threat vectors. This can be leveraged in many ways, and we'll look at several of them in this presentation.

Awareness of the ATT&CK framework is reaching broader audiences, but many people probably haven't seen all the ways it can be used to benefit your organization.