IEEE Region 2

IEEE
Loading Events

« All Events

  • This event has passed.

Understanding Cyber Adversaries with ATT&CK – The Post-Exploit Threat Model

October 25, 2016 @ 9:30 pm - 11:45 pm

Co-sponsored by: ASQ 509 SW SIG

Understanding Cyber Adversaries with ATT&CK – The Post-Exploit Threat Model
Presented by Dr. Andy Applebaum, Senior Cyber Security Engineer, MITRE
Tuesday, October 25, 2016
5:30 – 6:30 PM – Networking & Open House 6:30 – 7:30 PM – Program 7:30 – 7:45 PM – Announcements There is no cost to attend at McLean or Silver Spring

Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Using ATT&CK, security personnel can better understand and prepare for what adversaries are doing after they breach a network’s defenses, benefitting business owners and network managers in the process. In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK, and outlining lessons learned using the model, including data-based takeaways from ATT&CK and potential use cases. Topics covered will include using ATT&CK for red teaming, defensive gap analysis, threat reporting with ATT&CK, and information sharing.
Dr. Andy Applebaum is a Senior Cyber Security Engineer at The MITRE Corporation, where he works on internal and sponsor-facing projects. His current research areas include offensive and defensive security automation, applying formal methods to threat modeling, and reasoning under uncertainty. He obtained his Ph.D. in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security, including firewall configuration management, secure network administration, and alert correlation. He has a B.A. in computer science from Grinnell College.

 

Join online meeting: https://asq509.webex.com/asq509/j.php?MTID=mbe1b51c2d4c0cc7126819b7acedf6218

Meeting number: 805 274 863 Meeting password: g3c27D2b  

Join by Phone:  1-650-479-3208 Call-in toll number (US/Canada) Access Code:  805 274 863 

Agenda:

Tuesday, October 25, 2016
5:30 – 6:30 PM – Networking & Open House

6:30 – 7:30 PM – Program

7:30 – 7:45 PM – Announcements

Location:
Bldg: MITRE-2 Building, Room 1N100
7515 Colshire Drive
McLean, Virginia
22102

Details

Date:
October 25, 2016
Time:
9:30 pm - 11:45 pm
http://events.vtools.ieee.org/m/37617

Venue

City: McLean

Organizer

SoftwareSIG@asq509.org