What's a MITRE with your Security?
From MITRE ATT&CKcon Power Hour November 2020 By Matt Snyder, Senior Threat Analytics Engineer, VMware The market for Security products is flooded with vendors offering all sorts of solutions, and organizations are spending a record amount of money defending their environments. Nevertheless, an increasing number of breaches are reported each year, resulting in organizations spending millions of dollars to remediate them. The Security industry responds with more products, all offering to stop the next breach, and the cycle continues. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Matt discusses what VMware is doing internally to address this fundamental flaw in the Security industry and how they are leveraging the MITRE ATT&CK framework to reshape how we think about security.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to What's a MITRE with your Security?
Similar to What's a MITRE with your Security? (20)
More from MITRE - ATT&CKcon
More from MITRE - ATT&CKcon (17)
Recently uploaded
Recently uploaded (20)
What's a MITRE with your Security?
- 2. Sr. Threat Analytics Engineer 15+ Years in IT/Security. In 2013, I was on the Incident Response team during one the 1st major Credit Card breaches. years. place to work! Matt Snyder Speaker Introduction
- 3. Agenda Leveraging MITRE ATT&CK What logs do you need for security monitoring? How do you build balanced alerting? Evaluating New Security Tools
- 5. Fundamental Flaw in Operationalizing Security o planning is done around breaches/incidents they or their peers in the industry have had. o This leads to target fixation and wasting resources. o Prevents proactive detection of new threats.
- 6. What logs do you need for Security Monitoring?
- 7. Log All The Things!!
- 8. Log All The Things!!
- 10. By mapping our logging requirements with MITRE and CIS, we can articulate what we need, why we need it, and how to enable the proper level of logging. - Reduce the guess work - Minimize the impact on the service owners, no more back and forth or asking for more logs - Reduce gaps in logs that would allow and incident to go undetected - Help educate service owners to the threats out there
- 12. Building a Balanced Portfolio
- 13. Alerts with Meaning happening in your environment. - What tactics and techniques are being discovered - Able to better understand your risk profile and where compensating controls are needed - Test areas that no detections are being found - Gives you the freedom to do things like risk- based alerting, where you can take lower fidelity events and chain them together to see a much clearer picture of an attack.
- 14. Tracking Maturity and Growth Starting Out - Aligning with ATT&CK gives us targets to track against - Helps us set what is a priority and ensure that those priorities make sense - Allows you to see in one place where gaps exist.
- 15. Tracking Maturity and Growth Future Check-In - Over time, you can see your growth and evaluate how that matches your needs. - Help reduce scope creep in your alerting (ATT&CK are things that exist in the wild and not hypothetical) - Help track the work being done and certain areas
- 16. Evaluating New SecurityTools - With ATT&CK, we can focus on specific deliverables that are measurable and based on real world attacks - Helps to identify those 1 hit well-rounded portfolio