Finding Cyber Threats with ATT&CK®-Based Analytics
MITRE CORP ANNAPOLIS JUNCTION MD ANNAPOLIS JUNCTION United States
Post-compromise intrusion detection of cyber adversaries is an important capability for network defenders, as adversaries continue to evolve methods for compromising systems and evading common defenses. This paper presents a methodology for using the MITRE ATT&CK framework, a behavior-based threat model, to identify relevant defensive sensors and to build, test, and refine behavior-based analytic detection capabilities using adversary emulation. This methodology can be applied to enhance enterprise network security through defensive gap analysis, endpoint security product evaluations, building and tuning behavioral analytics for a particular environment, and validating defenses against a common threat model using a red team that emulates known adversary behavior.
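As an added illustration of the workflow the abstract describes (sensor-driven gap analysis, then validation of analytics against red-team emulation), the following example code was written for this page and is not from the paper; the analytics, sensor names and event records are constructed, while the technique IDs are ATT&CK's own.

```python
from dataclasses import dataclass
from typing import Callable

# A behavioral analytic: the ATT&CK technique it covers, the sensor feed it
# needs, and a predicate over one telemetry event. (Constructed examples.)
@dataclass
class Analytic:
    name: str
    technique: str                 # ATT&CK technique ID
    data_source: str               # sensor feed the analytic requires
    match: Callable[[dict], bool]

ANALYTICS = [
    Analytic("Scheduled task created via schtasks", "T1053", "process_create",
             lambda e: e["image"].lower().endswith("schtasks.exe")
             and "/create" in e["cmdline"].lower()),
    Analytic("Handle opened to LSASS", "T1003", "process_access",
             lambda e: e["target"].lower().endswith("lsass.exe")),
    Analytic("Encoded PowerShell command line", "T1059", "process_create",
             lambda e: e["image"].lower().endswith("powershell.exe")
             and "-enc" in e["cmdline"].lower()),
]

def gap_analysis(analytics, sensors):
    """Techniques whose analytics have a deployed sensor vs. those that do not."""
    covered = {a.technique for a in analytics if a.data_source in sensors}
    gaps = {a.technique for a in analytics} - covered
    return covered, gaps

def run_analytics(analytics, sensors, events):
    """Evaluate every deployable analytic over the event stream; return technique IDs that fired."""
    detected = set()
    for e in events:
        for a in analytics:
            if a.data_source in sensors and e["source"] == a.data_source and a.match(e):
                detected.add(a.technique)
    return detected

def validate(analytics, sensors, emulated, events):
    """Compare techniques the red team emulated with those the analytics detected."""
    detected = run_analytics(analytics, sensors, events)
    return {"detected": detected & emulated, "missed": emulated - detected}

# Constructed emulation run: only a process-creation sensor is deployed, so the
# LSASS access event is never observed, and the encoded-PowerShell analytic has
# no matching event even though T1059 was emulated via plain cmd.exe.
SENSORS = {"process_create"}
EMULATED = {"T1053", "T1003", "T1059"}
EVENTS = [
    {"source": "process_create", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks /Create /TN upd /TR notepad.exe /SC minute"},
    {"source": "process_access", "target": r"C:\Windows\System32\lsass.exe"},
    {"source": "process_create", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd /c dir"},
]
```

Running `validate(ANALYTICS, SENSORS, EMULATED, EVENTS)` reports T1053 detected and T1003 and T1059 missed; the first miss is a sensor gap, the second an analytic that needs tuning.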
- Computer Systems Management and Standards