Category

Defensive Measures

Threat Modeling Series

A 4-part video series where we teamed up with Adam Shostack, a leading expert in threat modeling and author of ‘Threat Modeling: Designing for Security’ to explore the 4 fundamental questions of threat modeling that every defender should ask. Episode 1: What Are We Working On? Episode 2: …

Continue reading

RSAC Virtual Seminar: How to Create a Threat Modeling Process and use ATT&CK

Practical threat modeling experience is often centered in a single organization, and the fish doesn’t see the ocean. Learn from experts serving hundreds of organizations how ATT&CK provides an empirically grounded model that’s been successfully applied across commercial and government customers.

Continue reading

Defending OT with ATT&CK

Defending Operational Technology (OT) with ATT&CK provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments. Historical attacks against OT and adversarial techniques contained in ATT&CK for Enterprise, ATT&CK for …

Continue reading

Guarding the Grid: Defending Operational Technology With ATT&CK

Critical infrastructure such as electrical generation facilities, water treatment plants, and transportation systems are a lifeline for our communities. Unfortunately, this dependence has made critical infrastructure a prime target for threat actors.

Continue reading

Threat Modeling With ATT&CK

Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your organization’s existing threat modeling methodology. This process is intended for universal application to any system or technology stack (large or small) using existing threat modeling methodologies like STRIDE, …

Continue reading

Turn Your Threat Model to Supermodel with ATT&CK

Cybersecurity teams use threat modeling as a critical component of defensive cyber operations to understand and reduce threats to their systems and environments. To stay up to date on various threats, teams rely on cyber threat intelligence (CTI) reporting.

Continue reading

Defending IAAS with ATT&CK

Defending IaaS with ATT&CK developed an ATT&CK matrix that enables users to easily understand and work with the techniques applicable to Infrastructure-as-a-Service (IaaS) environments, regardless of whether the attacks target the cloud management layer, the container technology, or the …

Continue reading