Download - ATT&CK Matrix

Discover

Podcast Features
Your all-in-one podcasting solution.

Blog to Podcast
Turn your blog into an engaging podcast.
Livestream
High-performing audio live, without limits.

Podcast Studio
Easy-to-use audio recorder app.
Podbean AI
AI-Enhanced Audio Quality and Content Generation.

Podcast App
The best podcast player & podcast app.

Ads Marketplace
Join Ads Marketplace to earn money
through sponsorship on your podcast.

PodAds
Manage your ads with dynamic ad insertion capability.
Apple Podcasts Subscriptions Integration
Effortlessly publish and manage exclusive episodes for your
Apple Podcasts subscribers directly from Podbean.
Live Streaming
Receive livestream rewards from your audience and earn
recurring income from your Fan Club membership.

All Arts Business Comedy Education
Fiction Government Health & Fitness History Kids & Family
Leisure Music News Religion & Spirituality Science
Society & Culture Sports Technology True Crime TV & Film
Live

How to Start a Podcast
How to Start a Live Podcast
How to Monetize a podcast
How to Promote Your Podcast
How to Use Group Recording

Log in
Start your podcast for free

Podcasting
Monetization
Advertisers
Enterprise
Pricing
Discover

Defense in Depth

Technology

ATT&CK Matrix

2019-08-08

Download Right click and do "save link as"

All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-attck-matrix/)

Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools. What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither?

Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Ian McShane (@ianmcshane), VP, product marketing, Endgame.

Thanks to this week’s podcast sponsor, Endgame

Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.

On this episode of Defense in Depth, you'll learn:

ATT&CK Matrix should be used both strategically and tactically.
Use it strategically to understand gaps in your security program.
As for tactics, it's great for blue team exercises. When you're being attacked, it helps you understand what's going to happen next.
You can use ATT&CK framework even on 0 day viruses. It allows you to focus on the techniques in an attack rather that the specifics of an attack.
When you're being attacked, be wary of getting conflicting information from your tools.
If you have a tool that's constantly producing noise, you have two options: either fix it or dump it.
The reason two seemingly similar tools are producing different results is because they're taking different paths. Once you understand the paths you'll understand the variances.
The goal would be for industry standardization or maybe even a third party to come in and act as middleware to offer standardization. Is that even possible?