Presentation: Detecting the Adversary Post-Compromise with Threat Models and Behavioral Analytics
November 2016
Topics: Cybersecurity, Network Security, Computer-Communication-Networks, Homeland Security, Information Security, Information Security Operations, Social and Behavioral Sciences
Collecting and sharing behavioral knowledge with the cyber-defense community is the reason MITRE engineers developed the Cyber Analytics Repository, or CAR. It's a knowledge base of analytics to help cyber-defenders recognize suspicious actions occurring in their systems. CAR complements the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK) model, also developed by MITRE. ATT&CK is a framework for describing the actions that attackers take after they've gotten inside and compromised a network. This presentation and a related video lecture explain how CAR works in tandem with ATT&CK.
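To make the relationship between CAR analytics and ATT&CK techniques concrete, here is an added illustration that is not part of the presentation or of the CAR repository: a small analytic in the CAR style (an identifier, a description, the ATT&CK techniques it covers, and a predicate over host events), evaluated against a handful of constructed process-creation events. The analytic ID is a placeholder, the events are made up, and the behavior chosen (an Office application spawning a command interpreter) is an assumption used only to show the shape of a behavioral analytic; the only real identifiers are the ATT&CK technique IDs T1059 and T1204.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed process-creation events (hypothetical; not from the presentation).
# Each record is the kind of data a host sensor would report for a new process.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe report.docx"},
    {"host": "ws01", "parent": "winword.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"host": "srv02", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws03", "parent": "excel.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden"},
]


@dataclass
class Analytic:
    """A CAR-style behavioral analytic: what it detects, which ATT&CK
    techniques that behavior maps to, and the predicate that fires on an event."""
    analytic_id: str
    description: str
    attack_techniques: list[str]
    predicate: Callable[[dict], bool]


# Assumed process name sets for the illustrative analytic below.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def office_spawns_interpreter(event: dict) -> bool:
    """Behavioral rule: a document-handling application creating a shell or
    script interpreter is rare in normal use and common after a user opens a
    malicious document, so it is worth surfacing for review."""
    return (event["parent"].lower() in OFFICE_APPS
            and event["image"].lower() in INTERPRETERS)


# Placeholder analytic ID; real CAR entries carry their own identifiers.
ANALYTICS = [
    Analytic(
        analytic_id="CAR-XXXX-XX-XXX",
        description="Office application spawning a command or script interpreter",
        attack_techniques=["T1204", "T1059"],  # User Execution; Command and Scripting Interpreter
        predicate=office_spawns_interpreter,
    ),
]


def run_analytics(events: Iterable[dict], analytics: Iterable[Analytic]) -> list[dict]:
    """Evaluate every analytic over every event and return one hit per match,
    tagged with the analytic and the ATT&CK techniques it provides evidence for."""
    hits = []
    for event in events:
        for analytic in analytics:
            if analytic.predicate(event):
                hits.append({
                    "analytic_id": analytic.analytic_id,
                    "techniques": list(analytic.attack_techniques),
                    "host": event["host"],
                    "parent": event["parent"],
                    "image": event["image"],
                })
    return hits


def technique_coverage(analytics: Iterable[Analytic]) -> set[str]:
    """The ATT&CK techniques at least one analytic speaks to. Comparing this set
    against the techniques an organization worries about shows detection gaps,
    which is the planning use of pairing analytics with the ATT&CK model."""
    covered: set[str] = set()
    for analytic in analytics:
        covered.update(analytic.attack_techniques)
    return covered


if __name__ == "__main__":
    for hit in run_analytics(SAMPLE_EVENTS, ANALYTICS):
        print(f"{hit['analytic_id']} on {hit['host']}: "
              f"{hit['parent']} -> {hit['image']} (techniques {', '.join(hit['techniques'])})")
    print("Techniques covered:", sorted(technique_coverage(ANALYTICS)))
```

Run as a script it reports the two matching events (the benign Word and service-host launches produce no hit) and the technique set the analytic covers. The separation of predicate from metadata is the point: the predicate is what a sensor pipeline executes, while the technique mapping is what lets a defender reason about coverage against the ATT&CK model rather than against individual indicators.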