Скачать или смотреть Operationalizing the MITRE ATT&CK Framework for Security Operations Centers (SOCs) Course

The MITRE ATT&CK Framework is a globally accessible public knowledge base based on real-world observations of adversary operations. MITRE ATT&CK systematically defines and organizes Tactics, Techniques, and Procedures (TTPs). It MITRE ATT&CK has become a common language between security teams to describe TTPs. The other important aspect of MITRE ATT&CK is that it is a community-driven initiative; therefore, it is a compelling framework as the whole global security community can contribute to it. The other aspect of the MITRE ATT&CK framework is that it is not static. The framework expands as new MITRE ATT&CK techniques and tactics are observed.

This video includes the first section of the Operationalizing the MITRE ATT&CK Framework for Security Operations Centers (SOCs) Course of Purple Academy by Picus. It is a micro-course designed for busy professionals. These courses are short (around 1 hour), focused on a particular topic, accessible 24/7, and offered in a convenient, self-paced format. Students who complete a course receive a verifiable badge and certificate.

In the MITRE ATT&CK Matrix for Enterprise, each column represents a tactic (the adversary's technical goals). To achieve these goals, adversaries use different methods, which are called MITRE ATT&CK techniques. MITRE ATT&CK provides valuable information for each technique and sub-technique, such as metadata, procedure examples, mitigations, and detection to help security teams.

MITRE ATT&CK also provides threat groups that are related to an intrusion activity, as well as software utilized by these threat groups. Briefly, in the life cycle of a cyber attack, a Threat Group uses some techniques or sub-techniques to accomplish their goals (tactics), manually or via some software.

Let’s focus on how MITRE ATTACK can be operationalized. MITRE suggests operationalizing the ATTACK framework in four use cases. The first use case is 'Threat Intelligence', which is using ATTACK as a threat intel source. The second one is 'Adversary Emulation', which includes using ATTACK to assess your defenses and red teaming. The third use case is 'Gap Analysis'. In this use case, we use ATTACK to identify defensive gaps. The fourth one is 'Detection & Analytics', which includes addressing the identified defensive gaps.

In order to learn how to operationalize MITRE ATT&CK via the four use cases for red teams, blue teams, and purple teams, you can visit the 'Operationalizing MITRE ATT&CK for SOCs' course in Purple Academy, which is a give-back project of Picus Security to provide open-access (free) cybersecurity courses to the community. Students who complete the course receive a verifiable certificate as recognition of their efforts. They also earn Continuing Professional Education (CPE) credits.