Philosophies & Perspectives

Last Modification

Conventional Wisdom in Defense

Source: MITRE ATT&CKcon 2018, John Lambert, Microsoft, - Keynote Presentation

Traditional Defenders Modern Defenders
Defend a list of assets Defend a graph of assets
Manage incidents Manage adversaries
Minimize risks by keeping incidents secret Maximize learning by sharing with trusted outside peers
View pentest results as a report card View pentest results as an input
Think about stopping attacks They think about increasing attacker requirements


Source: Unknown

Security Vocabulary for Non-Security Executives

Source: MITRE ATT&CKcon 2018, Elly Searle, Lead Content Strategist, CrowdStrike

ATT&CK Tactic Explain it to a non-security person Objective ATT&CK Layer
Initial Access Get into your environment Gain access Layer 1
Execution Run malicious code Follow through (steal/break) Layer 1
Persistence Maintain foothold Keep access Layer 1
Privilege Escalation Gain higher level permissions Gain (more) access Layer 2
Defense Evasion Avoid detection Keep access Layer 2
Credential Access Steal logins and passwords Gain access Layer 3
Discovery Figure out your environment Explore Layer 3
Lateral Movement Move through your environment Explore Layer 4
Collection Gather data Follow through Layer 4
Exfiltration Steal data Follow through Layer 4
Command and Control Contact controlled system Contact controlled systems Layer 5

Vocabulary Use: The adversary is trying to Objective by Tactic using Technique.

Example: The adversary is trying to gain access by stealing logins and passwords using credential dumping.

Example: The adversary is trying to keep access by avoiding detection using process hollowing.