8-8-19 - When Attacked, Which Tool Can You Trust?
This week's episode of Defense in Depth
ATT&CK Matrix
On this episode of Defense in Depth:
Co-host Allan Alford and our sponsored guest Ian McShane, VP of product marketing for Endgame, discuss:
The ATT&CK Matrix should be used both strategically and tactically.
Use it strategically to understand gaps in your security program.
As for tactics, it's great for blue team exercises. When you're being attacked, it helps you understand what's going to happen next.
You can apply the ATT&CK framework even to zero-day malware. It lets you focus on the techniques used in an attack rather than the specifics of a particular sample.
When you're being attacked, be wary of getting conflicting information from your tools.
If you have a tool that's constantly producing noise, you have two options: either fix it or dump it.
The reason two seemingly similar tools produce different results is that they take different paths to reach them. Once you understand the paths, you'll understand the variances.
The goal would be for industry standardization or maybe even a third party to come in and act as middleware to offer standardization. Is that even possible?
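The two tactical points above, using ATT&CK to focus on techniques rather than sample-specific indicators and reconciling two tools that report the same intrusion differently, come together when you normalize each tool's alerts onto technique IDs. The script below is an added example written for these notes; it is not code from the episode, from Endgame, or from any real product. The tool names (an EDR and a network sensor), the vendor alert names, the alert-to-technique mapping tables and the alert streams are all constructed for illustration; only the tactic and technique IDs are real ATT&CK identifiers. It also projects which tactics to watch for next, which is the "what's going to happen next" use of the matrix.

```python
"""Added example: map alerts from two constructed tools onto ATT&CK technique
IDs, reconcile where the tools disagree, and project which tactics the
intrusion is likely to reach next. Tool and alert names are hypothetical;
the TA/T identifiers are real ATT&CK IDs."""

# Enterprise ATT&CK tactics in matrix order. The order is a guide to typical
# progression, not a strict sequence an adversary must follow.
TACTICS = [
    ("TA0001", "Initial Access"),
    ("TA0002", "Execution"),
    ("TA0003", "Persistence"),
    ("TA0004", "Privilege Escalation"),
    ("TA0005", "Defense Evasion"),
    ("TA0006", "Credential Access"),
    ("TA0007", "Discovery"),
    ("TA0008", "Lateral Movement"),
    ("TA0009", "Collection"),
    ("TA0011", "Command and Control"),
    ("TA0010", "Exfiltration"),
    ("TA0040", "Impact"),
]
TACTIC_INDEX = {tid: i for i, (tid, _) in enumerate(TACTICS)}
TACTIC_NAME = dict(TACTICS)

# A small subset of real ATT&CK techniques with the tactic each is filed
# under here (some techniques appear under more than one tactic in ATT&CK).
TECHNIQUE_TACTIC = {
    "T1204.002": "TA0002",  # User Execution: Malicious File
    "T1059.001": "TA0002",  # Command and Scripting Interpreter: PowerShell
    "T1053.005": "TA0003",  # Scheduled Task/Job: Scheduled Task
    "T1003.001": "TA0006",  # OS Credential Dumping: LSASS Memory
    "T1021.001": "TA0008",  # Remote Services: Remote Desktop Protocol
    "T1071.001": "TA0011",  # Application Layer Protocol: Web Protocols
    "T1041": "TA0010",      # Exfiltration Over C2 Channel
}

# Hypothetical vendor alert names -> technique IDs. Each table is one tool's
# "path" to a verdict; building it is how you learn why the tools differ.
EDR_MAP = {
    "Suspicious Office child process": "T1204.002",
    "Encoded PowerShell command line": "T1059.001",
    "LSASS handle opened by non-system process": "T1003.001",
    "Persistence via schtasks": "T1053.005",
}
NDR_MAP = {
    "PowerShell download cradle": "T1059.001",
    "HTTP beacon to rare domain": "T1071.001",
    "RDP session to workstation": "T1021.001",
}

# Constructed alert streams for one incident. The last EDR alert has no
# technique mapping and is surfaced as noise rather than silently dropped.
EDR_ALERTS = [
    "Suspicious Office child process",
    "Encoded PowerShell command line",
    "LSASS handle opened by non-system process",
    "Kernel driver integrity check",
]
NDR_ALERTS = [
    "PowerShell download cradle",
    "HTTP beacon to rare domain",
    "RDP session to workstation",
]


def normalize(alerts, mapping):
    """Translate raw alert names into a set of technique IDs.
    Returns (techniques, unmapped_alert_names)."""
    techniques, unmapped = set(), []
    for name in alerts:
        tid = mapping.get(name)
        if tid is None:
            unmapped.append(name)
        else:
            techniques.add(tid)
    return techniques, unmapped


def reconcile(edr, ndr):
    """Split two technique sets into agreed / EDR-only / NDR-only.
    Disagreement is usually a visibility difference (host vs. wire),
    not proof that one tool is wrong."""
    return {
        "both": sorted(edr & ndr),
        "edr_only": sorted(edr - ndr),
        "ndr_only": sorted(ndr - edr),
    }


def furthest_tactic(techniques):
    """Tactic ID furthest along the matrix among observed techniques,
    or None if nothing mapped."""
    idx = [TACTIC_INDEX[TECHNIQUE_TACTIC[t]] for t in techniques if t in TECHNIQUE_TACTIC]
    return TACTICS[max(idx)][0] if idx else None


def likely_next_tactics(techniques, count=2):
    """Names of the next `count` tactics after the furthest observed one:
    where the blue team should be looking next."""
    current = furthest_tactic(techniques)
    if current is None:
        return []
    start = TACTIC_INDEX[current] + 1
    return [name for _, name in TACTICS[start:start + count]]


def triage(edr_alerts, ndr_alerts):
    """Normalize both tools, reconcile them, and project the next tactics."""
    edr, edr_noise = normalize(edr_alerts, EDR_MAP)
    ndr, ndr_noise = normalize(ndr_alerts, NDR_MAP)
    report = reconcile(edr, ndr)
    report["noise"] = {"edr": edr_noise, "ndr": ndr_noise}
    report["furthest_tactic"] = TACTIC_NAME.get(furthest_tactic(edr | ndr))
    report["watch_next"] = likely_next_tactics(edr | ndr)
    return report


if __name__ == "__main__":
    for key, value in triage(EDR_ALERTS, NDR_ALERTS).items():
        print(f"{key:16} {value}")
```

On the constructed input the two tools agree only on PowerShell execution; the EDR alone sees the credential dump because it is a host-side event, and the sensor alone sees the beacon and the RDP hop because they are on the wire. Neither tool is lying; they take different paths. The unmapped "Kernel driver integrity check" alert stays visible as noise so you can decide whether to fix that detection or drop it.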
Special thanks to this week's Defense in Depth podcast sponsor, Endgame.
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss.
What do security vendors say or do that sets off your BS detector?
I just ended up shooting a bunch of "man on the street" video footage at Black Hat yesterday. Those videos will be produced soon, but until then I thought I'd share this "man on the street" video I shot at BSidesSF earlier this year. It's based on the most popular article on my site, "30 Security Vendor Behaviors That Set Off a CISO's BS Detector." And surprise, this became my most popular video this year as well.