The MITRE ATT&CK framework delivers clear value for SOC analysts by making it harder for adversaries to avoid detection. Analysts without access to ATT&CK struggle to develop a deep understanding of their organization’s defense limitations and risks. This results in increased false-positive rates, ineffective correlation across investigations, and reduced productivity and effectiveness. However, ATT&CK is complex and can initially overwhelm analysts. Join this session to learn how to deploy ATT&CK while overcoming these complexities.
Presenter: Jason Mical | Global Cybersecurity Evangelist | Devo