Using MITRE ATT&CK™ in Threat Hunting and Detection


MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides a common taxonomy of adversaries' tactical objectives and the methods they use to achieve them. A taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a practical technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack behaviours.

This paper will introduce you to ATT&CK and related tools and resources based on ATT&CK. Then it will discuss how to make practical use of ATT&CK with a focus on threat hunting and detection.

Date: 9 October 2019, 15:07 pm   |   Provider: LogRhythm EMEA   |   Size: 4.55 MB   |   Language: English
This may interest you too:

Definitive guide to SOAR

Cybersecurity organizations have their work cut out for them. As the last line of defense in the fight against cyberthreats, they stand between their corporations’ valuable IT assets and cyberattackers. But these attackers aren’t social outcasts emailing viruses from their parents’ basement.

Today’s cyberattackers are more formidable and more sophisticated than ever before. Attackers are resourceful and ruthless in their efforts to steal data, commit fraud, abuse resources, and disrupt services. They’re also patient and have the power of nu ...


LogRhythm for SWIFT Customer Security Controls Framework

Society for Worldwide Interbank Financial Telecommunication (SWIFT) facilitates a huge number of financial transactions every day via the secure messaging system it provides to its members. In addition to banks, the system is also used by other major financial players. SWIFT does not maintain accounts or handle funds, but its network moves huge sums every day. Member institutions, if compromised, can be used to send fake messages that other members act upon in good faith. Such activity has resulted in both attempted and successful transfers of ...


The Total Economic Impact™ Of CylancePROTECT® And CylanceOPTICS™

Employee endpoints are the interfaces between employees and the corporate data and applications they need to do their jobs. Attackers understand this — and actively target employee endpoints as well as the server endpoints hosting corporate data. More than 50% of companies experience a significant data breach each year, and endpoints, as a critical conduit for valuable corporate data, are the top targets for attack. Endpoint security solutions provide a critical line of defense, protecting PCs, laptops, and servers from malicious threats. ...


AI-Driven Threat and Incident Prevention, Detection, and Response

Traditional cybersecurity approaches suffer from two glaring weaknesses. First, they rely on the digital signatures of known malware in order to identify threats. This approach leaves systems vulnerable to new and non-catalogued malware. Second, they are reactive in nature, subscribing to the "it's not a matter of if, but when" mentality and often responding to the damage caused by zero-day threats only after they execute. Guarding against known threats is important, but in the modern threat landscape, organizations must also address the over 350, ...


Executive Brief: Why It’s Time for Your Organization to Explore Next-Generation Antivirus

In this Paper:

• SMBs face the same security and compliance requirements as enterprises, without the same level of resources.

• Legacy AV has significant shortcomings, including reliance on detect-respond instead of a prevent-first approach to security.

• BlackBerry Cylance is an AI platform that helps small businesses prevent, detect, and respond to threats.

...
