From ATT&CKcon 5.0
By Eli Schorr, Accenture
In today's evolving cybersecurity landscape, enhancing threat detection capabilities is crucial. This presentation introduces the practical application of MITRE CTID’s new Summiting the Pyramid (StP) framework to evaluate and improve threat detection resilience using the ATT&CK framework. StP offers a robust methodology for enhancing threat detection analytics by evaluating them against the adversary’s cost to evade. It addresses the common issue that many analytics depend heavily on specific tools or artifacts, which makes them susceptible to low-cost evasion by adversaries.
Our journey with StP will uncover its evolution and key concepts such as core ATT&CK techniques, core procedures, preexisting and threat-actor-brought (TA-brought) tools, and ephemeral IOCs. We will engage the audience in a poll on real-world threat detection rule bypass strategies. Applying the StP framework to ATT&CK, we will demonstrate how to evaluate and improve threat detection rule resilience through case studies from real-world assessments. The session will illustrate how integrating the ATT&CK and StP frameworks creates a comprehensive threat risk map, enhancing the qualitative depth of ATT&CK coverage.
Attendees will leave with practical knowledge on applying the StP framework, understanding its value, and integrating it with the ATT&CK framework for a robust threat detection strategy.
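To make the "cost to evade" idea concrete, the following is an added example written for this page; it is not code from the talk, from Accenture, or from MITRE CTID. It scores detection analytics by the kind of observable they depend on, using the concept names the abstract lists (ephemeral IOCs, TA-brought tools, pre-existing tools, core procedures, core techniques). The numeric ordering of those levels, the rule that an AND-combined analytic is only as resilient as its weakest condition while an OR-combined one is bounded by its strongest branch, and the sample catalogue of T1003.001 analytics are all this example's own assumptions, not a reproduction of StP's published scoring tables.

```python
"""Score detection analytics by the adversary's cost to evade them.

Added illustration: level names follow the concepts named in the abstract.
The numeric ordering and the AND/OR combination rule are assumptions made
here, not CTID's StP specification.
"""
from dataclasses import dataclass
from typing import Union

# Assumption: a higher value means the adversary pays more to change it.
LEVELS = {
    "ephemeral": 1,         # hashes, IPs, file names; rotated at almost no cost
    "ta_tool": 2,           # artifacts of a tool the adversary brings and can rebuild
    "preexisting_tool": 3,  # artifacts of a tool already on the host (LOLBins)
    "core_procedure": 4,    # behaviour shared by some implementations of the technique
    "core_technique": 5,    # behaviour every implementation of the technique must show
}


@dataclass
class Observable:
    description: str
    level: str


@dataclass
class AllOf:  # logical AND of sub-conditions
    parts: list


@dataclass
class AnyOf:  # logical OR of sub-conditions
    parts: list


Expr = Union[Observable, AllOf, AnyOf]


def evasion_cost(expr: Expr) -> int:
    """Cheapest level the adversary must change to keep the analytic silent."""
    if isinstance(expr, Observable):
        return LEVELS[expr.level]
    costs = [evasion_cost(p) for p in expr.parts]
    # AND: breaking any single condition silences the rule, so the weakest bounds it.
    # OR:  every branch must be broken, so the strongest branch bounds it.
    return min(costs) if isinstance(expr, AllOf) else max(costs)


def binding_observables(expr: Expr) -> list[str]:
    """Observables that set the analytic's cost; replacing these raises resilience."""
    if isinstance(expr, Observable):
        return [expr.description]
    target = evasion_cost(expr)
    out = []
    for p in expr.parts:
        if evasion_cost(p) == target:
            out.extend(binding_observables(p))
    return out


def assess(catalogue: dict) -> dict:
    """Map analytic name -> (cost, binding observables), lowest cost first."""
    scored = {name: (evasion_cost(e), binding_observables(e)) for name, e in catalogue.items()}
    return dict(sorted(scored.items(), key=lambda kv: kv[1][0]))


# Constructed sample catalogue for ATT&CK T1003.001 (LSASS memory); not real rules.
CATALOGUE = {
    "tool-based": AnyOf([
        Observable("process image name is mimikatz.exe", "ephemeral"),
        Observable("SHA-256 matches a known Mimikatz build", "ephemeral"),
        Observable("command line contains the tool's own module syntax", "ta_tool"),
    ]),
    "lolbin-based": AllOf([
        Observable("rundll32.exe invokes a memory-dump export of a built-in DLL", "preexisting_tool"),
        Observable("output file is named lsass.dmp", "ephemeral"),
    ]),
    "behaviour-based": AllOf([
        Observable("handle opened to lsass.exe", "core_technique"),
        Observable("granted access includes PROCESS_VM_READ", "core_technique"),
    ]),
}

if __name__ == "__main__":
    for name, (cost, links) in assess(CATALOGUE).items():
        print(f"{name:16s} cost={cost}  bound by: {'; '.join(links)}")
```

The "lolbin-based" entry shows the failure mode the abstract describes: a condition on a pre-existing tool is reasonably resilient on its own, but AND-ing it with an ephemeral file name drags the whole analytic down to the cheapest level, and `binding_observables` points at exactly the condition to drop or replace.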
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resilience - A Guide to Evaluating Threat Detection Coverage - Eli Schorr