2019-10-23, 17:00–17:20, Europe
Within blue teams, it is crucial to have sufficient and adequate information on several aspects to prioritise your defence efforts. Important aspects are: visibility (whether you have sufficient data sources to see traces of attack techniques), detection (how good you are at detecting attackers) and threat actor behaviours (which attack behaviours are essential for your organisation to defend against).
Obtaining and administering this information can be a challenge. In this talk we present the DeTT&CT framework, built atop MITRE ATT&CK, which helps blue teams gain insight into these aspects and start prioritising their defence efforts. The ultimate goal of DeTT&CT is to become more resilient against attacks targeting your organisation.