Session ID: 123

Detecting Cyberthreats with ATT&CK-Based Analytics

12:00pm - 1:00pm Wednesday, March 7
Las Vegas - Venetian Convention Center
Marcello 4401

Description

Despite the growing use of threat-based cyber defenses, breaches still occur and detecting them remains difficult. Once an attacker has penetrated a network, there are numerous ways to remain hidden. Until now, common means of identifying the “footprints” a cyber attacker leaves after compromise have been elusive. The Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK™) family of models, developed for public use by the MITRE Corporation, provides a methodology for characterizing and describing the actions an adversary may take while operating on specific platforms within an enterprise network. The U.S. Department of Health and Human Services (HHS) and the National Health Information Sharing and Analysis Center (NH-ISAC) have embraced the ATT&CK methodology and are co-leading an effort to develop ATT&CK-based analytics for use within the healthcare sector. This session will explain the ATT&CK family of models in detail and describe the healthcare ATT&CK-based analytic developments.

Learning Objectives: 

  • Explain the Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) for Enterprise framework, as well as the broader family of ATT&CK models, for characterizing post-compromise adversary behavior
  • Describe how to use the ATT&CK family of models and the Cyber Analytics Repository (CAR) knowledge base to help identify and mitigate adversary behavior on an enterprise network
  • Characterize the collaborative effort developing ATT&CK-based analytics to detect post-compromise cyber attackers on healthcare systems and networks

Speaker(s): 

President, NH-ISAC
Principal Cybersecurity Engineer, The MITRE Corporation

Continuing Education Credits: 

ABPM: 1.00
CAHIMS: 1.00
CME: 1.00
CNE: 1.00
CPHIMS: 1.00
IAPP: 1.00

Audience: 

CIO, CTO
IT Professional
Security Professional

Level: 

Intermediate
