Security Congress Abstract
Security teams frequently struggle with their security analytics (SIEM) practice, specifically with identifying malicious behaviors beyond the vendor-provided detection content. MITRE ATT&CK's granular, technique-level approach to describing adversary behavior provides an overarching strategy that organizations can follow when building detections. We will discuss the importance and value of the MITRE ATT&CK framework for detection engineering, along with some of the challenges of implementing it. Additionally, we will cover the "how" and "why" of implementing a "Model of Continuous Improvement" for threat detection within your organization. Finally, we will address the pain points, both technical and managerial, that organizations face when trying to improve their security analytics practice, and how to overcome those hurdles.