Detecting Cyber Threats with ATT&CK-based Analytics

A HIMSS18 presentation


Despite the growing use of cyber threat-based defenses, breaches still occur and detecting them remains difficult. Once an attacker penetrates a network, there are numerous ways to hide undetected. Common means to identify post-compromise cyber attacker “footprints” have been elusive until now. The Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK™) family of models, developed for public use by the MITRE Corporation, provides a methodology for characterizing and describing the actions an adversary may take while operating on specific platforms within an enterprise network. The U.S. Department of Health and Human Services (HHS) and the National Health Information Sharing and Analysis Center (NH-ISAC) have embraced the ATT&CK methodology. They are co-leading an effort to develop ATT&CK-based analytics for use within the healthcare sector. This session will explain the ATT&CK family models in detail and describe the healthcare ATT&CK-based analytic developments.


Speakers: Denise Anderson, NH-ISAC and Julie Connolly, MITRE


View the presentation: Detecting Cyber Threats with ATT&CK-based Analytics

Share This