PhoneBoy
Admin

Mitre ATT&CK Framework and Check Point TechTalk

On 14th August 2019, we recorded a TechTalk with @Jony_Fischbein and @Irina_Shalem on how to take Cyber Security to the next level with the MITRE ATT&CK Framework.

Presentation Materials, available to CheckMates members, include:

An excerpt of the session is below. Q&A from the session will be posted in the comments.

8 Replies
PhoneBoy
Admin

Here are the questions that were asked during the session:

Why was MITRE ATT&CK Framework Chosen Versus Others That Exist?

The ATT&CK platform is actually a map of different exploitation techniques, mapped against different steps in the attack chain, that come from current in-the-wild scenarios used by different APT actors. It helps you to better understand the current threat landscape.

Will you have this coverage validated by MITRE in their next product evaluation?

Planned for 2020.

What does Paranoid Mode mean?

Paranoid mode means that the prevention settings used are very strict. Although these contribute to greater detection, they can create more false positives. Therefore, they are not recommended for use in regular scenarios.

Is the Check Point MITRE Navigator Available to Customers?

Not currently, but we plan to make it available on CheckMates in the coming weeks.

Any Plans to Embed MITRE Information in the Threat Prevention Dashboard or Similar?

We are working on adding many aspects of the MITRE ATT&CK framework to all of our products. The first visible one will be adding the observed techniques to the SandBlast Agent Forensics reports. Additional functionality is planned.

For Endpoint, Do You Collect and Correlate the Windows Events?

As part of SandBlast Agent, yes.

Julian_Sanchez
Collaborator

Hello mate, 

Do you know if it is available on CheckMates yet, or on the Check Point partner webpage?

Thanks

PhoneBoy
Admin

Not yet as we are still validating the mapping.
We expect to make it available around the CPX timeframe.
William_Gutierr
Participant

Hello folks,

No updates about it?

Paul_Gademsky
Employee

@PhoneBoy

I'm trying to find the MITRE ATT&CK view in R80.40 (which it promises is there in 'What's New').

I do have it in R81 available as a 'view' item, but it cannot be exported (one of the few that can't).

Support does not seem to have a download for it either, and it's not in the tools section that @Danny has been populating with goodies.

Can you find out where it can be obtained for R80.40?

Danny
Champion

It's planned to be released for R80.40 as a SmartConsole Extension. As far as I know it is not available yet.

PhoneBoy
Admin

I do see a reference to the MITRE ATT&CK fields in the R80.40 JHF (Take 53 and above)...
Do you have that installed?

Oren_Koren
Employee Alumnus

SmartView dashboard - it was added to R81 (not R80.40 yet)

Extension - we are working on a new extension for R80.30 and above for MITRE - if you want to test it out, just send me an email and I will gladly share it with you to get your input 🙂

orenkor@checkpoint.com
