The MITRE ATT&CK framework is an effective tool for “adversary emulation,” cataloging how adversaries behave, what they’re trying to do, and the techniques they use to accomplish their goals. Moreover, the framework aims to provide a common language and vocabulary for practitioners, vendors, and all parties working to understand common threat actors and techniques.
In November 2018, MITRE evaluated a subset of techniques in an open-test environment, working with vendors to analyze their detection capabilities against these common techniques. With the results of the first evaluation now published, many are trying to make sense of them to understand the efficacy of different solutions in the marketplace today.
In this event, we’ll boil down the complexity of the MITRE ATT&CK framework and discuss how we performed in the evaluation so your organization can understand:
• How to adapt the framework to your company’s environment and needs in order to get the most utility out of it
• What different detection categories mean and how to interpret results of ATT&CK Framework evaluations
• How Cybereason allows customers to search and understand their environment based on the ATT&CK Framework