ATT&CK and D3FEND frameworks. A common language to understand threat actors and drive action to disrupt the kill chain

Tuesday 18 March, 2:40 pm - 3:20 pm
Location
Derwent Room

Speakers

Nico Riquelme-Ramirez

Cyber Security consultant
QinetiQ

Synopsis

This session is designed for everyone. Whether you are a complete beginner struggling with technology, a seasoned information/cyber security professional, or a decision maker, this presentation has practical tools for everyone.

In the ever-evolving realm of Information Technology (IT) and Operational Technology (OT) cybersecurity, understanding and mitigating threats proactively is the only path forward. MITRE’s ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) and D3FEND (Detection, Denial, and Disruption Framework Empowering Network Defence) frameworks provide an evolving approach to comprehending and countering the Tactics, Techniques, and Procedures (TTPs) employed by threat actors. The audience will gain insights into securing systems using a risk-based and holistic approach to cyber exposure in both IT and OT.

The ATT&CK and D3FEND frameworks are developed and maintained by MITRE with the support of the front-line practitioner community worldwide. The frameworks are provided free of charge as part of broader cybersecurity initiatives funded by the US National Cybersecurity Federally Funded Research and Development Center (NCF). The NCF, operated by MITRE and sponsored by the National Institute of Standards and Technology (NIST), is the only FFRDC in the US dedicated solely to cybersecurity.

ATT&CK has had such impact that it is officially used by the Cybersecurity and Infrastructure Security Agency (CISA) in its threat report “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to US Critical Infrastructure”, which was co-authored by ASD and ACSC. Using ATT&CK, the report explained and mapped the living-off-the-land (LOTL) TTPs of Volt Typhoon, which the group used to gain access to US critical infrastructure over the last five years.

The fast pace of change in cybersecurity can be overwhelming for those who try to keep up to date. The ATT&CK and D3FEND frameworks serve as a knowledge base of what is actually happening in the field: they catalogue attackers’ and defenders’ TTPs and the common vulnerabilities exploited, describe how to detect and mitigate them, and provide a clear taxonomy of how breaches can occur.

ATT&CK allows defenders to single out the TTPs of Advanced Persistent Threat (APT) groups that attack specific industries. By understanding these TTPs, information security professionals can proactively prioritise security measures to secure the information systems and data assets of their specific industry.

ATT&CK has four matrices:

  • Enterprise matrix for Windows, Linux, and MacOS;
  • Enterprise cloud matrix for Azure AD, Office365, Google Workspace, SaaS, IaaS, Network, and Containers;
  • Mobile matrix for Android & iOS; and
  • ICS matrix for Industrial Control Systems.

In tandem, D3FEND complements ATT&CK by focusing on the defenders’ TTPs. It outlines a knowledge graph of cybersecurity countermeasures mapped against ATT&CK’s TTPs. The emphasis is on a proactive security posture that not only detects threats but also prevents and responds to attacks effectively.

The session provides practical knowledge and tools for front liners, decision makers, and the broader Australian Cybercon audience to better understand and act upon the threat surface. The cybersecurity landscape will undoubtedly continue to evolve, driven by advancements in AI and changes in attackers’ TTPs. It is vital to understand the threat surface and to be able to communicate it visually and verbally between front liners and different levels of management.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.