Category: Detection Engineering

Threat Detection Maturity: Applying Summiting the Pyramid at Scale

Many threat detections are easily evaded by sophisticated adversaries. Systematically improving detection capabilities is a challenge for many organizations. In this video, Michaela Adams and Jacob Shorr discuss how the Summiting the Pyramid (STP) framework can help. STP measures the robustness of …


Shmoocon 2024: Summiting the Pyramid of Pain

The Center for Threat-Informed Defense presents their “Summiting the Pyramid” research project at Shmoocon, a major cybersecurity conference. Steve Luke, Michaela Adams, and Roman Daszczyszak explain how to describe, characterize, and score the robustness of cyber detections against a sophisticated …


Leadership Spotlight: Summiting the Pyramid with Douglas Santos (Fortinet)

In Episode 10 of the Center for Threat-Informed Defense’s “Leadership Spotlight” video series, Douglas Santos, Director of Advanced Threat Intelligence at Fortinet’s FortiGuard Labs, discusses the Center’s “Summiting the Pyramid” R&D project.


Sensor Mappings to ATT&CK

Sensor Mappings to ATT&CK gives cyber defenders the information they need to identify and understand cyber incidents occurring in their environment. Various tools and services are available to collect system or network information, but it is not always clear how to use those tools to provide …


Summiting the Pyramid: An Interview with the Creator of the Pyramid of Pain

In this interview at ATT&CKcon 4.0 in October 2023, Michaela Adams, Senior Cybersecurity Engineer at the Center for Threat-Informed Defense, speaks with David Bianco, creator of the Pyramid of Pain.


Cloud Analytics

The Cloud Analytics project sought to advance the state of the practice by developing a blueprint for writing analytics for cloud platforms. To create the blueprint, the team “learned by doing” – exercising adversary behaviors, developing analytics, and refining them. Lessons learned were gathered …


Atomic Data Sources

Cyber threat detection starts with understanding the data sources and sensors that can be used to detect a given adversary TTP. Motivated by a lack of detailed data source definitions in MITRE ATT&CK® to support defensive cyber operations use cases, we wanted to greatly expand the set of data …
