To Blue with ATT&CK-Flavored Love - SANS Blue Team Summit

The Blue Team Summit features presentations and panel discussions covering actionable techniques, new tools, and innovative methods that help cyber defenders improve their ability to prevent and detect attacks. Presenter: Jamie Williams, Cyber Adversarial Engineer, MITRE MITRE ATT&CK was originally created by red and blue teamers working together in a giant lovefest known as the Fort Meade Experiment. Building on that history, this talk will provide a love letter rekindling that flame. The talk is more than an ATT&CK overview. The presenter will use his unique perspective from real-world red teaming experience to cover insights, lessons learned, and a general perspective of defense and the hunt in order to show how ATT&CK is a valuable tool to help red and blue teams work together to improve their defenses. Specific topics to be covered include: - Research Soap Boxes vs. the Mad, and Expensive, Real World – How the field of red team research is different from the real world and what that means for blue teamers. - Sensing and Analytics Done Right…Maybe – The sensor data blue teamers should be collecting in order to have the best chance to catch red teamers and adversaries, as well as how to write behavioral analytics to catch them. - What Does It Mean to Hunt and How Can Your Red Team Help? – Advice for blue teamers trying to undertake the mammoth task of threat hunting, and what that actually means. - How Do You Really Use ATT&CK? – ATT&CK is the new hotness. That’s great and all, but how can we use it for real to make our defenses stronger?