The SOC Counter ATT&CK

Explore the world of Security Operations Center (SOC) and its relationship with the MITRE ATT&CK framework in this 30-minute conference talk by Mathieu Saulnier at NorthSec 2019. Delve into the history of attacks, the ATT&CK framework, and its Navigator tool. Learn about scoring methodologies, threat detection reporting, and threat modeling techniques. Discover how to leverage the ATT&CK matrix for key performance indicators and explore tools like Sigma, ModularOS Query, and Red Canary for threat hunting and red team automation. Gain valuable insights from a seasoned security professional with extensive experience in SOC implementation, detection, and mentorship across major Canadian institutions.

Intro
History of Attack
Attack Framework
Attack Navigator
Scoring
Weight
Points
Threat Detection Report
Threat Modeling
Matrix and KPI
Sigma
Modular
OS Query
Tread Hunting
Red Canary
Atomic Friday
RedTeam Automation
Commercial
Key takeaways
Thank you