Detecting Cyberthreats with ATT&CK-Based Analytics
12:00pm - 1:00pmWednesday, March 7
Las Vegas - Venetian Convention Center
Despite the growing use of cyber threat-based defenses, breaches still occur and detecting them remains difficult. Once an attacker penetrates a network, there are numerous ways to hide undetected. Common means to identify post-compromise cyber attacker “footprints” have been elusive until now. The Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK™) family of models, developed for public use by the MITRE Corporation, provides a methodology for characterizing and describing the actions an adversary may take while operating on specific platforms within an enterprise network. The U.S. Department of Health and Human Services (HHS) and the National Health Information Sharing and Analysis Center (NH-ISAC) have embraced the ATT&CK methodology. They are co-leading an effort to develop ATT&CK-based analytics for use within the healthcare sector. This session will explain the ATT&CK family models in detail and describe the healthcare ATT&CK-based analytic developments.