MITRE ATT&CK Flow: A Rick the Toolman episode.
Intrusion kill chain prevention is a cybersecurity first-principle strategy. Security practitioners can choose from a variety of tactics to support that strategy, each of which reduces the probability of material impact to their organization from a cyber event. But all of those tactics (running a SOC, orchestrating the security stack, incorporating a cyber threat intelligence function to build adversary playbooks and share that intelligence with peers, and finally, using those playbooks in purple team exercises) rely on having a collection of good threat intelligence on the tactics, techniques, and procedures used by known cyber adversary groups. The security community has recognized the MITRE ATT&CK framework as the best open-source and free collection of that intelligence. While that’s true, using that information efficiently isn’t for the faint of heart. In its current form, the MITRE ATT&CK wiki isn’t that easy to use. MITRE’s leadership has recognized that situation and spun out a nonprofit company, called MITRE Engenuity, to rectify it. One of its missions is to build tools, like ATT&CK Powered Suit and ATT&CK Flow, for the infosec community to use. In this episode, we will talk with Jon Baker, the Director for the Center for Threat-Informed Defense at MITRE Engenuity, and other CyberWire Hash Table members about these ideas.