SANS Institute Provides Guidance on Improving Cyber Defense Using the MITRE ATT&CK Framework

Bethesda, MD; July 13, 2020

A new report from the SANS Institute, “Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework,” provides expert guidance to help cyber defense professionals learn how to best leverage the MITRE ATT&CK Framework to improve their organization’s security posture. Recommendations in the report will be shared and discussed in a trio of webcasts on July 21, July 28, and August 06.

The Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project by MITRE is an initiative started in 2015 with the goal of providing a knowledge base of adversarial tactics, based on real-world observations and accessible globally. With its rapid uptake by vendors and information security teams, ATT&CK now provides a key capability that many organizations have traditionally struggled with: A standard language of attack techniques, groups that use them, and the data sources that detect them.

“MITRE ATT&CK is a multi-faceted framework that can help you not only understand your attackers’ tactics, techniques, and procedures, but also prioritize and test your defenses in a variety of highly useful ways,” says John Hubbard, paper author, SANS Certified Instructor and course author. “It is a complete set of data giving you organized and actionable info on attackers and defensive strategies.”

The new SANS paper covers key ideas and strategies for using ATT&CK to inform security defense measures with valuable threat intelligence, allowing security operations teams to not only improve their defenses, but also quantify the improvement, demonstrate those improvements with evidence, and ultimately set the team on the path to long-term success.

“You wouldn’t go into a physical fight without knowing anything about your enemy or your own defense capabilities, so why would a cyber war be any different?” says John Hubbard. “In order to give yourself the best chance at succeeding, teams need to know what they’re up against so they can prioritize their defensive spending and optimize their resources against their attackers. MITRE ATT&CK allows teams to do this in a free and simple way.”

Webcast Details

Recommendations and guidance provided in the report will be presented in detail by report author John Hubbard in a webcast on Tuesday, June 21 at 1:00 p.m. EDT (17:00 UTC), sponsored by Anomali, AttackIQ, Corelight, CyberProof, ExtraHop, Infoblox, LogRhythm, and ThreatQuotient, and hosted by SANS Institute. Register to attend the webcast at https://www.sans.org/webcasts/114010

Get additional perspective on the report in a second webcast on Tuesday, July 28 at 1:00 p.m. EDT (17:00 UTC), in which representatives from AttackIQ will join a panel discussion with report author John Hubbard. Register to attend this webcast at https://www.sans.org/webcasts/114530

And join in a special SANS Roundtable webcast on Thursday, August 06 at 1:00 p.m. EDT (17:00 UTC), in which representatives from ExtraHop will explore additional themes from the paper. Register for this webcast at https://www.sans.org/webcasts/115345

Those who register for any of these webcasts will be among the first to receive their copy of the report, “Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework,” written by John Hubbard, SANS Certified Instructor and course author.