Here are the questions that were asked during the session:
Why was MITRE ATT&CK Framework Chosen Versus Others That Exist?
The ATT&CK platform is actually a map of different exploitation techniques mapped against different steps in the attack chain, which come from current in-the-wild scenarios used by different APT actors. It helps you to better understand the current threat landscape.
Will you have this coverage validated by MITRE in their next product evaluation?
Planned for 2020.
What does Paranoid Mode mean?
Paranoid mode means that the prevention settings used are very strict. Although these contribute to greater detection, they can create higher false positives. Therefore, they are not recommended for use in regular scenarios.
Is the Check Point MITRE Navigator Available to Customers?
Not currently, but we plan to make it available on CheckMates in the coming weeks.
Any Plans to Embed MITRE Information in the Threat Prevention Dashboard or Similar?
We are working on adding many aspects of the MITRE ATT&CK framework to all of our products. The first visible one will be adding the observed techniques to the SandBlast Agent Forensics reports. Additional functionality is planned.
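The two answers above (ATT&CK as a map of techniques against attack-chain steps, and observed techniques surfacing in forensics reports and a Navigator view) can be made concrete with a small defender-side script. The following is an added example, not Check Point or MITRE code: it takes endpoint events that a sensor has already attributed to a technique ID, counts them, groups them by tactic in matrix order, and emits an ATT&CK Navigator layer file. The technique catalog is a hand-picked subset of real ATT&CK Enterprise IDs, the events are constructed, and the Navigator layer field names follow the public layer format with placeholder version strings.

```python
import json
from collections import Counter, defaultdict

# Constructed subset of the ATT&CK Enterprise matrix: technique ID -> (name, tactic).
# The IDs and tactic slugs are real ATT&CK identifiers; the subset is this example's choice.
TECHNIQUE_CATALOG = {
    "T1566": ("Phishing", "initial-access"),
    "T1204": ("User Execution", "execution"),
    "T1059": ("Command and Scripting Interpreter", "execution"),
    "T1547": ("Boot or Logon Autostart Execution", "persistence"),
    "T1055": ("Process Injection", "defense-evasion"),
    "T1003": ("OS Credential Dumping", "credential-access"),
    "T1071": ("Application Layer Protocol", "command-and-control"),
}

# Left-to-right column order of the Enterprise matrix (the attack-chain steps).
TACTIC_ORDER = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "collection", "command-and-control", "exfiltration", "impact",
]

# Constructed endpoint events (not real product output). Each event already carries
# the technique the sensor attributed it to; one carries an ID the catalog lacks.
SAMPLE_EVENTS = [
    {"host": "ws-01", "process": "outlook.exe", "technique": "T1566"},
    {"host": "ws-01", "process": "winword.exe", "technique": "T1204"},
    {"host": "ws-01", "process": "powershell.exe", "technique": "T1059"},
    {"host": "ws-01", "process": "powershell.exe", "technique": "T1059"},
    {"host": "ws-02", "process": "rundll32.exe", "technique": "T1055"},
    {"host": "ws-02", "process": "lsass.exe", "technique": "T1003"},
    {"host": "ws-02", "process": "svchost.exe", "technique": "T9999"},
]


def observed_techniques(events, catalog=TECHNIQUE_CATALOG):
    """Count events per technique; IDs absent from the catalog are reported separately."""
    counts = Counter()
    unknown = []
    for event in events:
        tid = event["technique"]
        if tid in catalog:
            counts[tid] += 1
        else:
            unknown.append(tid)
    return counts, unknown


def coverage_by_tactic(counts, catalog=TECHNIQUE_CATALOG):
    """Group observed technique IDs by tactic, keeping the matrix's column order."""
    by_tactic = defaultdict(list)
    for tid in counts:
        by_tactic[catalog[tid][1]].append(tid)
    return {t: sorted(by_tactic[t]) for t in TACTIC_ORDER if t in by_tactic}


def build_navigator_layer(counts, catalog=TECHNIQUE_CATALOG, name="Observed techniques"):
    """Emit an ATT&CK Navigator layer dict; each observed technique is scored by event count.

    Field names follow the public Navigator layer format; version strings are placeholders.
    """
    techniques = [
        {
            "techniqueID": tid,
            "tactic": catalog[tid][1],
            "score": n,
            "comment": f"{n} event(s); {catalog[tid][0]}",
            "enabled": True,
        }
        for tid, n in sorted(counts.items())
    ]
    return {
        "name": name,
        "versions": {"attack": "PLACEHOLDER", "navigator": "PLACEHOLDER", "layer": "4.0"},
        "domain": "enterprise-attack",
        "description": "Generated from endpoint events (constructed example)",
        "techniques": techniques,
        "gradient": {
            "colors": ["#ffffff", "#ff6666"],
            "minValue": 0,
            "maxValue": max(counts.values(), default=1),
        },
    }


if __name__ == "__main__":
    counts, unknown = observed_techniques(SAMPLE_EVENTS)
    for tactic, tids in coverage_by_tactic(counts).items():
        print(f"{tactic:<20} {', '.join(tids)}")
    if unknown:
        print("unmapped technique IDs:", sorted(set(unknown)))
    # Save as a .json file and open it in ATT&CK Navigator via "Open Existing Layer".
    print(json.dumps(build_navigator_layer(counts), indent=2))
```

Reporting unmapped IDs separately matters in practice: a sensor that emits a technique the catalog does not know usually signals a version mismatch between the product's mapping and the ATT&CK release the Navigator is loaded with, and silently dropping those events would understate coverage.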
For Endpoint, Do You Collect and Correlate the Windows Events?
As part of SandBlast Agent, yes.