Improve your security posture with Zeek and MITRE ATT&CK™


Techniques, tactics, and procedures (TTPs) are useful for characterizing patterns of adversary behavior, such as sending a spearphishing attachment for initial access or using the Remote Desktop Protocol to move laterally in a target environment. 

To comprehensively track TTPs and develop corresponding defense strategies, security pros increasingly turn to MITRE ATT&CK™, a TTP repository based on real-world observations. While no single technology or process can cover all TTPs, did you know that the Zeek Network Security Monitor (formerly “Bro”) can give you powerful visibility and detection against critical TTPs in the MITRE ATT&CK™ framework?

Tune into this webcast to hear from world-class security operators as they dig into the MITRE framework and review concrete, step-by-step examples of how you can use Zeek to significantly improve your visibility and defenses. 

Register for this webcast to learn: 

  • The history and evolution of the MITRE ATT&CK™ framework
  • How Zeek covers TTPs related to data exfiltration and C2s, such as remote file copy detection
  • How Zeek covers lateral movement TTPs, such as SSH hijacking
  • And more...

Panelists:

Richard Bejtlich

Strategist & Author in Residence

Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). He was previously Chief Security Strategist at FireEye, and was Mandiant's Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, Richard built and led the 40-member GE Computer Incident Response Team (GE-CIRT).

James Schweitzer

East and Federal SE Director, Corelight

James Schweitzer is the East and Federal SE Director at Corelight. Previously, he worked at The MITRE Corporation in the security center for over a decade supporting multiple US Government agencies. James is a graduate of Virginia Tech and The George Washington University.

Jean Schaffer

Federal Chief Technology Officer, Corelight

Jean Schaffer is an experienced professional in Cybersecurity, Information Assurance, and IT Operations. She is recently retired from the Intelligence community after 33+ years of public service, 15 at SES level. Jean brings technical expertise, understanding of the IC/DoD and a wealth of experience.