Sign up to save your podcasts
Or
Share ATT&CK Matrix
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ATT&CK Matrix
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-attck-matrix/)
Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools. What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Ian McShane (@ianmcshane), VP, product marketing, Endgame.
Thanks to this week’s podcast sponsor, Endgame
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.
On this episode of Defense in Depth, you'll learn:
- ATT&CK Matrix should be used both strategically and tactically.
- Use it strategically to understand gaps in your security program.
- As for tactics, it's great for blue team exercises. When you're being attacked, it helps you understand what's going to happen next.
- You can use ATT&CK framework even on 0 day viruses. It allows you to focus on the techniques in an attack rather that the specifics of an attack.
- When you're being attacked, be wary of getting conflicting information from your tools.
- If you have a tool that's constantly producing noise, you have two options: either fix it or dump it.
- The reason two seemingly similar tools are producing different results is because they're taking different paths. Once you understand the paths you'll understand the variances.
- The goal would be for industry standardization or maybe even a third party to come in and act as middleware to offer standardization. Is that even possible?
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-attck-matrix/)
Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools. What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Ian McShane (@ianmcshane), VP, product marketing, Endgame.
Thanks to this week’s podcast sponsor, Endgame
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.
On this episode of Defense in Depth, you'll learn:
- ATT&CK Matrix should be used both strategically and tactically.
- Use it strategically to understand gaps in your security program.
- As for tactics, it's great for blue team exercises. When you're being attacked, it helps you understand what's going to happen next.
- You can use ATT&CK framework even on 0 day viruses. It allows you to focus on the techniques in an attack rather that the specifics of an attack.
- When you're being attacked, be wary of getting conflicting information from your tools.
- If you have a tool that's constantly producing noise, you have two options: either fix it or dump it.
- The reason two seemingly similar tools are producing different results is because they're taking different paths. Once you understand the paths you'll understand the variances.
- The goal would be for industry standardization or maybe even a third party to come in and act as middleware to offer standardization. Is that even possible?
More shows like Defense in Depth
View all
Security Now (Audio)
1,979 Listeners
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
183 Listeners
CyberWire Daily
1,009 Listeners
Smashing Security
312 Listeners
Click Here
413 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
167 Listeners