Pages from the Playbook – Building the MITRE ATT&CK™ Framework into your Incident Response


Thu June 06, 2019 09:35 AM

MITRE ATT&CK™ is becoming the de facto framework for security teams to position and strengthen their defense. Analyzing individual Tactics, Techniques and Procedures (TTPs) of threat actors can improve the accuracy and speed of the response process.

The Resilient SOAR Platform can leverage ATT&CK information in a number of ways. As the MITRE framework becomes more popular, vendor support for ATT&CK is increasing in technologies like SIEM, sandboxes, EDR and threat intelligence. Resilient can use this data to drive playbook decisions and to centralize reporting on ATT&CK Techniques, Software and Groups and their impact, giving insight and actionable mitigations automatically in a playbook.

In this session, Craig Roberts, Solutions Architect at IBM Security, will explain Resilient’s approach to ATT&CK and demonstrate how it can be used to investigate and remediate a security incident in coordination with QRadar, the Hybrid Analysis sandbox from CrowdStrike and the MISP threat intelligence platform.
