From IoC to TTP: How Attack Chains Have Evolved
Petrus will discuss the evolution of threat hunting from a focus on IoCs to a focus on TTPs. While discovering IoCs remains necessary, organizations need to give more attention to TTPs in order to understand the full breadth of an attack, rather than simply stringing together individual artifacts and IoCs. The discussion will include strategies for detecting advanced attacks by viewing them more holistically.
MITRE ATT&CK: An Update
Richard will introduce the MITRE ATT&CK framework, share recent updates and explain how security teams can use it. MITRE ATT&CK is a comprehensive knowledge base of the adversary tactics used at each stage of an attack – from initial system access to data theft to command and control – and of the techniques attackers use to achieve each of them. There are a number of ways MITRE ATT&CK can be effectively integrated into a security team’s arsenal.
Hunting, Investigation & Response with Exabeam
Richard will walk through a live behavioral threat hunting exercise and an investigation and response demo that shows how Exabeam can help you defend against attacker TTPs. Specifically, we will show how machine-learning-based anomaly detection can be used to detect TTPs, and how Exabeam is adopting MITRE ATT&CK to help security analysts further improve their threat detection, investigation and response.
Richard Cassidy has been consulting businesses on cyber security strategies and programs for more than 19 years, working across highly regulated industries including finance, insurance, retail, manufacturing, government and military. During his career, Richard has been heavily engaged in the design and implementation of solutions, helping organisations evolve their security, compliance, risk management, data assurance, automation, orchestration and response practices.
Petrus Koskinen is an Associate Director at Accenture Security. Petrus has worked in the ICT industry for the last 20 years, on projects ranging from large-scale CRM and billing platform implementations to custom development projects. For the past 10 years Petrus has focused on cyber security, particularly identity management, application security and security operations center related engagements. Most recently Petrus has been responsible for Accenture Security Finland’s sales and business development and for security sales in the Nordics.