
Mitre ATT&CK Framework and Check Point TechTalk

On 14th August 2019, we recorded a TechTalk with @Jony_Fischbein and @Irina_Shalem on how to take Cyber Security to the next level with the MITRE ATT&CK Framework.

Presentation Materials, available to CheckMates members, include:

An excerpt of the session is below. Q&A from the session will be posted in the comments.



Re: Mitre ATT&CK Framework and Check Point TechTalk

Here are the questions that were asked during the session:

Why was MITRE ATT&CK Framework Chosen Versus Others That Exist?

The ATT&CK platform is actually a map of different exploitation techniques that are mapped against different steps in the attack chain and that come from current in-the-wild scenarios used by different APT actors. It helps you to better understand the current threat landscape.

Will you have this coverage validated by MITRE in their next product evaluation?

Planned for 2020.

What does Paranoid Mode mean?

Paranoid mode means that the prevention settings used are very strict. Although these contribute to greater detections, they can create higher false positives. Therefore, they are not recommended for use in regular scenarios.

Is the Check Point MITRE Navigator Available to Customers?

Not currently, but we plan to make it available on CheckMates in the coming weeks.

Any Plans to Embed MITRE Information in the Threat Prevention Dashboard or Similar?

We are working on adding many aspects of the MITRE ATT&CK framework to all of our products. The first visible one will be adding the observed techniques to the SandBlast Agent Forensics reports. Additional functionality is planned.

For Endpoint, Do You Collect and Correlate the Windows Events?

As part of SandBlast Agent, yes.
