This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
PhoneBoy
Admin
Admin
‎2019-08-14 10:10 AM

Mitre ATT&CK Framework and Check Point TechTalk

On 14th August 2019, we recorded a TechTalk with @Jony_Fischbein and @Irina_Shalem on how to take Cyber Security to the next level with the MITRE ATT&CK Framework.

Presentation Materials, available to CheckMates members, include:

An excerpt of the session is below. Q&A from the session will be posted in the comments.

(view in My Videos)

Reply
8 Replies
PhoneBoy
Admin
Admin
‎2019-09-04 02:27 PM

Here are the questions that were asked during the session:

Why was MITRE ATT&CK Framework Chosen Versus Others That Exist?

The ATTA&CK platform is actually a map of different exploitation techniques that mapped against different steps in the attack chain that come from current in the wild scenarios that are used by different APT actors. It helps you to understand better current threat landscape.

Will you have this coverage validated by MITRE in their next product evaluation?

Planned for 2020.

What does Paranoid Mode mean?

Paranoid mode means that the prevention settings used are very strict. Although these contribute to greater detections, they can create higher false positives. Therefore, they are not recommended to use in regular scenarios.

Is the Check Point MITRE Navigator Available to Customers?

Not currently, but we plan to make it available on CheckMates in the coming weeks.

Any Plans to Embed MITRE Information in the Threat Prevention Dashboard or Similar?

We are working on adding many aspects of the MITRE ATT&CK framework to all of our products. The first visible one will be adding the observed techniques to the SandBlast Agent Forensics reports. Additional functionality is planned.

For Endpoint, Do You Collect and Correlate the Windows Events?

As part of SandBlast Agent, yes.

0 Kudos
Reply
Julian_Sanchez
Contributor
‎2019-12-12 07:59 AM
In response to PhoneBoy

Hello mate, 

Do you know if it is available on checkmates yet? or in the webpage the checkpoint for partners?

thanks

Reply
PhoneBoy
Admin
Admin
‎2019-12-13 09:56 AM
In response to Julian_Sanchez

Not yet as we are still validating the mapping.
We expect to make it available around the CPX timeframe.
Reply
William_Gutierr
Participant
‎2020-04-30 01:46 PM
In response to PhoneBoy

Hello folks,

 

No updates about it?

0 Kudos
Reply
Paul_Gademsky
Collaborator
‎2020-12-16 11:34 AM
In response to PhoneBoy

@PhoneBoy 

I'm trying to find the MITRE ATT&CK view in R80.40 (which it promises is there in 'whats new'.

I do have it in R81 available as a 'view' item, but it can not be exported (one of the few that can't).

Support does not seem to have a download for it either, and it's not in the tools section that @Danny has been populating with goodies.

Can you find out where it can be obtained for R80.40?

0 Kudos
Reply
Danny
Champion
Champion
‎2020-12-16 12:13 PM
In response to Paul_Gademsky

It's planned to be released for R80.40 as a SmartConsole Extension. As far as I know it is not available yet.

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-12-16 03:54 PM
In response to Paul_Gademsky

I do see a reference to the MITRE ATT&CK fields in the R80.40 JHF (Take 53 and above)...
Do you have that installed?

0 Kudos
Reply
Oren_Koren
Employee+
Employee+
‎2020-12-17 12:24 AM

SmartView dashboard - it was added to R81 (not R80.40 yet)

Extension - we are working on a new extension for R80.30 and above for MITRE - if you want to test it out, just send me an email and i will gladly share it with you to get your inputs 🙂

orenkor@checkpoint.com

0 Kudos
Reply