Lessons from Applying MITRE ATT&CK in the Wild

Explore the practical applications and lessons learned from implementing MITRE ATT&CK in real-world cybersecurity operations through this 50-minute panel discussion featuring experts from MITRE Corporation, Microsoft, Pfizer, and Target. Gain insights into using adversary behavior knowledge to enhance cyber-defense strategies, learn from other organizations' experiences, and discover how to quickly apply these concepts within your own security framework. Understand the nuances of detection focus, high-fidelity alerts, and managing big data in uncontrolled environments. Delve into topics such as the distinction between detections and alerts, leveraging MITRE ATT&CK as a communication tool, and integrating it into existing systems. Acquire valuable advice for vendors, explore manual versus automated approaches, and learn how to use ATT&CK as an educational resource. Discuss the importance of transparency, test-driven development, and measuring impact while gaining practical tips on following industry experts and utilizing free tools to bolster your cybersecurity analytics.

Introduction
Take stock
Detection Focus
High Fidelity Alerts
Uncontrolled Environment
Big Data
Detections vs Alerts
Detects vs Alerts
What will drive Intel
Partnership with MITRE
How to use ATTCK
Jerry Springer moment
Dont treat it as a sacred document
Break PowerShell up
Roadmap
ATTCK as a Communications Tool
How are you instrumented for MITRE
Do you have anything to add
How are you integrating
What should vendors be doing
Dark Block June
Advice for Vendors
Manual vs Automated
Using Attack as a Resource
Admitting Your First Step
Transparency
Testdriven development
Enel test
Creating regression
Testing analytics
Using attribution
Attribution
Impact
Measuring Impact
Educational Tool
Following the right people
Free tools
Analytics