1-Day Instructor-Led Training
Applying the MITRE ATT&CK Framework
Course 3942
- Duration: 1 day
- Language: English
- 6 NASBA CPE Credits (live, in-class training only)
- Level: Intermediate
In this course, you will gain a foundational understanding of the MITRE ATT&CK Framework: what it is, the goals it aims to achieve, and its essential components, such as matrices, tactics, techniques, data sources, mitigations, groups, software, campaigns, and the relationships between them.
Through a real-world case study, you'll see how these components are interconnected. You'll also learn how to prioritize techniques using cyber threat intelligence (CTI) and how to assess the effectiveness of current defensive measures.
MITRE ATT&CK Framework Training Delivery Methods
Online
Enterprise Solutions Available
MITRE ATT&CK Framework Training Information
In this course, you will learn how to:
- Develop a strong foundational knowledge of the MITRE ATT&CK Framework and its components.
- Apply the framework to real-world cyber threats, such as the SolarWinds supply chain attack.
- Map threat intelligence, alerts, and adversary behaviors to ATT&CK.
- Use ATT&CK-mapped data to make informed and prioritized defensive recommendations.
- Understand the role of cyber threat intelligence and its practical applications in security.
Training Prerequisites
Basic knowledge of cybersecurity concepts and terminology is recommended but not required.
MITRE ATT&CK Framework Training Outline
MITRE ATT&CK Framework Definition
Goal of MITRE ATT&CK Framework
Matrices
Tactics and Techniques
Data Sources
Mitigations
Groups
Software
Campaigns
MITRE ATT&CK Model Relationships
MITRE ATT&CK Model Relationships Example
Breakdown of Tactics, Techniques, Procedures, Mitigations, and Detection
TeamTNT
- Mitigations
- Detection
SolarWinds Compromise Background Information
Software Components of SolarWinds Compromise
- SUNBURST and SUNSPOT
Mapping the Indicators to MITRE ATT&CK Framework
Loosely Linking Everything Together for SolarWinds
ATT&CK Navigator
- SolarWinds ATT&CK Navigator
SolarWinds Attack Timeline
Indicators of Compromise (IOC)
Mitigations That Might Reduce the Likelihood and/or Impact of Supply Chain Attacks
Review of SolarWinds Compromise and Ability to Link to ATT&CK
Mapping Threat Intelligence to ATT&CK
- Cyber Threat Intelligence (CTI) and Indicators of Behavior (IoBs)
- Analyzing Behavior
- UEBA Data Sources
- Data Drawn From Above Sources
Snake Malware and Turla CTI Advisories and Alerts
- Research Advisory and Alert Information
- Adversary Behavior
- Volatility Plugin
- Network Intrusion Detection Systems (NIDS)
- Host-Based Detection
- Non-Standard Icon Size and YARA Rule
- Memory Analysis
Practical Research Exercise
- Initial Analysis
- Mapping Data to MITRE ATT&CK
- Compare Results to Improve Mapping
Pyramid of Pain
Use Collected and Analyzed Data to Make Initial Recommendations
Process for Making Recommendations
Ways to Determine Priority of Techniques Using CTI
Assess Current Defensive Measures and Their Effectiveness
- MITRE CAR and D3FEND
- MITRE’s Cyber Analytics Repository (CAR)
- MITRE D3FEND
- MITRE ATT&CK and D3FEND
MITRE D3FEND Practical Exercise
MITRE D3FEND Practical Exercise Answer
Research Additional Defensive Options and Organizational Capabilities/Constraints
Consider Tradeoffs for Each Option
Sample Pros and Cons of Options
Make Recommendations
Make Recommendations—Supply Chain Compromise
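The outline above walks through ATT&CK model relationships (groups and software "use" techniques, mitigations "mitigate" them), mapping CTI to techniques, prioritizing techniques by how many relevant adversaries use them, and visualizing the result in ATT&CK Navigator. The Python below is an added illustration of that workflow and is not course material or MITRE code. The object set is a constructed miniature of the STIX-style ATT&CK model: the technique (T*) and mitigation (M*) IDs are real ATT&CK identifiers, but the sample groups, the implant, and the "uses"/"mitigates" links are hand-picked for illustration rather than pulled from the real knowledge base, and the Navigator version strings in the layer are assumptions to adjust for the Navigator build you run.

```python
"""Prioritize ATT&CK techniques from CTI and emit an ATT&CK Navigator layer.

Added example, not part of the course or of MITRE's tooling. OBJECTS and
RELATIONSHIPS are a constructed sample shaped like the ATT&CK STIX model.
"""
import json
from collections import defaultdict

# Constructed sample. T*/M* IDs are real ATT&CK IDs; groups, implant and
# links are illustrative only (not the real ATT&CK relationship set).
OBJECTS = {
    "group-1":   {"type": "intrusion-set",    "name": "Sample Group 1"},
    "group-2":   {"type": "intrusion-set",    "name": "Sample Group 2"},
    "group-3":   {"type": "intrusion-set",    "name": "Sample Group 3"},
    "implant-a": {"type": "malware",          "name": "Sample Implant A"},
    "T1195.002": {"type": "attack-pattern",   "name": "Compromise Software Supply Chain"},
    "T1071.001": {"type": "attack-pattern",   "name": "Web Protocols"},
    "T1027":     {"type": "attack-pattern",   "name": "Obfuscated Files or Information"},
    "T1496":     {"type": "attack-pattern",   "name": "Resource Hijacking"},
    "M1051":     {"type": "course-of-action", "name": "Update Software"},
    "M1045":     {"type": "course-of-action", "name": "Code Signing"},
    "M1031":     {"type": "course-of-action", "name": "Network Intrusion Prevention"},
    "M1049":     {"type": "course-of-action", "name": "Antivirus/Antimalware"},
}

# (source_id, relationship_type, target_id), mirroring STIX relationship objects.
RELATIONSHIPS = [
    ("group-1",   "uses",      "implant-a"),   # group -> software
    ("group-1",   "uses",      "T1195.002"),   # group -> technique
    ("implant-a", "uses",      "T1071.001"),   # software -> technique
    ("implant-a", "uses",      "T1027"),
    ("group-2",   "uses",      "T1071.001"),
    ("group-2",   "uses",      "T1027"),
    ("group-3",   "uses",      "T1496"),
    ("group-3",   "uses",      "T1027"),
    ("M1051",     "mitigates", "T1195.002"),   # mitigation -> technique
    ("M1045",     "mitigates", "T1195.002"),
    ("M1031",     "mitigates", "T1071.001"),
    ("M1049",     "mitigates", "T1027"),
]


def techniques_of(entity_id, objects, rels):
    """Techniques an entity uses directly plus, one hop away, those used by
    any software it uses. This is the group -> software -> technique walk."""
    techs = set()
    for src, rtype, tgt in rels:
        if src != entity_id or rtype != "uses":
            continue
        kind = objects[tgt]["type"]
        if kind == "attack-pattern":
            techs.add(tgt)
        elif kind in ("malware", "tool"):
            techs |= techniques_of(tgt, objects, rels)
    return techs


def prioritize(objects, rels, groups_of_interest):
    """Score each technique by the number of groups of interest that use it.
    A technique shared by more relevant adversaries ranks higher."""
    score = defaultdict(int)
    for group in groups_of_interest:
        for tech in techniques_of(group, objects, rels):
            score[tech] += 1
    return dict(score)


def mitigations_for(technique_id, rels):
    """Mitigation IDs linked to a technique via 'mitigates' relationships."""
    return sorted(src for src, rtype, tgt in rels
                  if rtype == "mitigates" and tgt == technique_id)


def navigator_layer(scores, rels, name):
    """Build a minimal ATT&CK Navigator layer dict (public layer JSON format).
    Version strings are assumptions; match them to your Navigator build."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": tech, "score": score,
             "comment": "mitigations: " + ", ".join(mitigations_for(tech, rels))}
            for tech, score in ranked
        ],
    }


if __name__ == "__main__":
    groups = ["group-1", "group-2", "group-3"]
    scores = prioritize(OBJECTS, RELATIONSHIPS, groups)
    layer = navigator_layer(scores, RELATIONSHIPS, "Sample CTI priority layer")
    print(json.dumps(layer, indent=2))
```

Running the script prints a layer you can load into Navigator (Open Existing Layer, upload from local); with the sample data T1027 scores 3 because every group reaches it, one of them only through the implant it uses, while the supply-chain technique scores 1 but carries two mitigations in its comment. Swapping the constructed objects for the real ATT&CK STIX bundle changes the data, not the walk.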
MITRE ATT&CK Framework FAQs
The MITRE ATT&CK Framework is a publicly available, curated knowledge base of adversary tactics and techniques based on real-world observations, together with the groups, software, and campaigns that use them and the mitigations and data sources relevant to defending against and detecting them. It is a valuable resource for understanding and countering cyber threats.
This course is designed for IT and cybersecurity professionals, security analysts, incident responders, threat intelligence analysts, and anyone interested in enhancing their knowledge of cyber threat analysis and defense strategies.
This course equips you with the knowledge and skills to better understand and respond to cyber threats. It's valuable for career growth in cybersecurity, threat analysis, and incident response.
For organizations, it can enhance their security posture and the ability to detect and mitigate threats effectively.
The main takeaways from this course include a strong foundation in the MITRE ATT&CK Framework, the ability to map real-world threats to it, and the skills to make informed defensive recommendations based on the framework.
- IT and cybersecurity professionals
- Security analysts and researchers
- Incident responders
- Threat intelligence analysts
- Anyone interested in enhancing their understanding of cyber threat analysis and defense strategies.