More and more tools today are using the MITRE ATT&CK Framework to help organizations understand the types of threats they may be seeing on their network. In this session, I'll provide an introduction to the MITRE ATT&CK Framework and then talk about how defenders can use ATT&CK to build a strategy for protecting their network. Next, we'll discuss how DeTT&CT can be used to enhance the value of the MITRE ATT&CK Framework by providing an organization with a "heat map" that helps them visually understand how their current logging coverage maps to the ATT&CK TTPs. This visual mapping can help an organization better understand where they may have gaps in logging coverage in relation to specific types of attacker techniques and tactics. The organization can then investigate ways to shore up their logging coverage so that attacker techniques are more easily detected. Last, I'll walk through the exact steps attendees will need to set up DeTT&CT on a Windows workstation, from start to finish, so they can perform this analysis when they get back to their job!