Foiling Modern Attacks: Map MITRE ATT&CK Tactics to Falco Rules



With more and more companies moving their applications and infrastructure to the cloud, the potential attack surface has expanded dramatically. Attackers know they have only a short window of opportunity and have become savvier at carrying out advanced cloud and container attacks. Within seconds of entering your cloud environment, they can begin cryptomining, tampering with the software supply chain, and launching other advanced attacks. Without the ability to detect and respond to these attacks in real time, it is almost impossible to stop them from causing significant damage.
The MITRE ATT&CK framework is a knowledge base of the tactics and techniques used by today's cloud and container threat actors, and the MITRE ATT&CK Evaluations test an organization's readiness to detect and prevent them. In this panel with a SANS Analyst, we will discuss how your organization can navigate the complexity of the MITRE ATT&CK framework:

  • How to interpret the results across Protection, Detection and Response (PDR).
  • The difference between Technique, Tactic, and Telemetry detections (the three T's).
  • How to map open-source Falco rules to the MITRE ATT&CK framework to help stop breaches and advanced attacks.
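
As an added illustration of the mapping the last point refers to (this rule is constructed for this listing; it is not from the webcast or from the Falco project's own ruleset), a Falco rule carries its ATT&CK mapping in its tags list: one mitre_<tactic> tag per tactic it covers, plus the technique ID. The rule name, description and output text below are assumed; the rule/desc/condition/output/priority/tags keys, the proc.*, user.* and container.* fields, and the spawned_process and container macros are the ones Falco's default ruleset provides.

```yaml
# Constructed example rule (not from the Falco project's own rules).
# Relies on the spawned_process and container macros shipped with the
# default Falco ruleset, so it loads alongside those rules unchanged.
- rule: Shell with TTY spawned in container
  desc: >
    An interactive shell was started inside a container. Interactive use of
    a running container is rare in production and is a common first step
    before an attacker drops a miner or pivots elsewhere.
  condition: >
    spawned_process and container
    and proc.name in (bash, sh, zsh, dash, ash)
    and proc.tty != 0
  output: >
    Interactive shell in container
    (user=%user.name shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline container_id=%container.id
    image=%container.image.repository)
  priority: NOTICE
  # The ATT&CK mapping: the tactic as a mitre_<tactic> tag (here Execution)
  # and the technique ID (T1059, Command and Scripting Interpreter). A rule
  # that serves several tactics lists several mitre_* tags. Coverage tooling
  # keys on exactly these tags, so a rule without them counts as unmapped.
  tags: [container, shell, mitre_execution, T1059]
```

Filtering a rules file on the mitre_* tags (for example with `falco -o load_plugins=[] -r rules.yaml -T mitre_execution` to disable rules carrying that tag, or by grepping the tags field) is the quickest way to see which tactics the loaded ruleset covers and which are blind spots.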

Speaker and Presenter Information

Nigel Douglas

Matt Kim

Sysdig

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Webcast


When
Tue, Feb 28, 2023, 3:30pm ET


Cost
Complimentary ($0.00)



Organizer
SANS Institute

