This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2019-08-14 10:10 AM

Mitre ATT&CK Framework and Check Point TechTalk

On 14th August 2019, we recorded a TechTalk with @Jony_Fischbein and @Irina_Shalem on how to take Cyber Security to the next level with the MITRE ATT&CK Framework.

Presentation Materials, available to CheckMates members, include:

An excerpt of the session is below. Q&A from the session will be posted in the comments.

(view in My Videos)

8 Replies
PhoneBoy
Admin
Admin
‎2019-09-04 02:27 PM

Here are the questions that were asked during the session:

Why was MITRE ATT&CK Framework Chosen Versus Others That Exist?

The ATTA&CK platform is actually a map of different exploitation techniques that mapped against different steps in the attack chain that come from current in the wild scenarios that are used by different APT actors. It helps you to understand better current threat landscape.

Will you have this coverage validated by MITRE in their next product evaluation?

Planned for 2020.

What does Paranoid Mode mean?

Paranoid mode means that the prevention settings used are very strict. Although these contribute to greater detections, they can create higher false positives. Therefore, they are not recommended to use in regular scenarios.

Is the Check Point MITRE Navigator Available to Customers?

Not currently, but we plan to make it available on CheckMates in the coming weeks.

Any Plans to Embed MITRE Information in the Threat Prevention Dashboard or Similar?

We are working on adding many aspects of the MITRE ATT&CK framework to all of our products. The first visible one will be adding the observed techniques to the SandBlast Agent Forensics reports. Additional functionality is planned.

For Endpoint, Do You Collect and Correlate the Windows Events?

As part of SandBlast Agent, yes.

0 Kudos
Julian_Sanchez
Collaborator
‎2019-12-12 07:59 AM
In response to PhoneBoy

Hello mate, 

Do you know if it is available on checkmates yet? or in the webpage the checkpoint for partners?

thanks

PhoneBoy
Admin
Admin
‎2019-12-13 09:56 AM
In response to Julian_Sanchez

Not yet as we are still validating the mapping.
We expect to make it available around the CPX timeframe.
William_Gutierr
Participant
‎2020-04-30 01:46 PM
In response to PhoneBoy

Hello folks,

 

No updates about it?

0 Kudos
Paul_Gademsky
Employee Employee
Employee
‎2020-12-16 11:34 AM
In response to PhoneBoy

@PhoneBoy 

I'm trying to find the MITRE ATT&CK view in R80.40 (which it promises is there in 'whats new'.

I do have it in R81 available as a 'view' item, but it can not be exported (one of the few that can't).

Support does not seem to have a download for it either, and it's not in the tools section that @Danny has been populating with goodies.

Can you find out where it can be obtained for R80.40?

0 Kudos
Danny
Champion Champion
Champion
‎2020-12-16 12:13 PM
In response to Paul_Gademsky

It's planned to be released for R80.40 as a SmartConsole Extension. As far as I know it is not available yet.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-16 03:54 PM
In response to Paul_Gademsky

I do see a reference to the MITRE ATT&CK fields in the R80.40 JHF (Take 53 and above)...
Do you have that installed?

0 Kudos
Oren_Koren
Employee Alumnus
Employee Alumnus
‎2020-12-17 12:24 AM

SmartView dashboard - it was added to R81 (not R80.40 yet)

Extension - we are working on a new extension for R80.30 and above for MITRE - if you want to test it out, just send me an email and i will gladly share it with you to get your inputs 🙂

orenkor@checkpoint.com

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events