WEBVTT

00:00.000 --> 00:02.820
>> Welcome to Module
2. This module

00:02.820 --> 00:03.930
is split into four lessons,

00:03.930 --> 00:07.270
in which we'll explore the various
benefits of using ATT&CK.

00:07.460 --> 00:11.640
Specifically, we'll discuss

00:11.640 --> 00:13.020
the diversity of
information captured

00:13.020 --> 00:14.820
within ATT&CK and how
it also enables us in

00:14.820 --> 00:15.810
a broad spectrum of

00:15.810 --> 00:18.435
cybersecurity practices
and operations.

00:18.435 --> 00:21.210
We'll also explore
how ATT&CK can be

00:21.210 --> 00:23.600
used to quantify various
cybersecurity metrics,

00:23.600 --> 00:25.950
and how the common language
created by ATT&CK can

00:25.950 --> 00:27.315
help us efficiently communicate

00:27.315 --> 00:28.905
about how certain behaviors.

00:28.905 --> 00:31.815
Without further
ado, let's dive in.

00:31.815 --> 00:33.765
Welcome to Module 2,

00:33.765 --> 00:37.060
Lesson 1: Community Perspective.

00:37.480 --> 00:40.280
In this lesson, we will explore

00:40.280 --> 00:42.380
the various sources of
information that build

00:42.380 --> 00:45.620
ATT&CK and appreciate
how ATT&CK benefits

00:45.620 --> 00:48.840
from this diversity of
knowledge and perspectives.

00:50.810 --> 00:53.130
As you recall from Module 1,

00:53.130 --> 00:54.320
ATT&CK is built from

00:54.320 --> 00:56.465
publicly available reporting
and documentation,

00:56.465 --> 00:58.280
as well as insights, feedback,

00:58.280 --> 01:00.785
and contributions from
the global community.

01:00.785 --> 01:02.520
While the MITRE ATT&CK team does

01:02.520 --> 01:04.505
curate and maintain this
collective knowledge,

01:04.505 --> 01:07.250
this dependence on publicly
available reporting and

01:07.250 --> 01:11.000
contributions makes ATT&CK
very much a team effort.

01:12.770 --> 01:14.990
To highlight this, let's

01:14.990 --> 01:16.820
take a look at some
content within ATT&CK.

01:16.820 --> 01:18.290
In this case, we're looking at

01:18.290 --> 01:20.120
the Turla group page and

01:20.120 --> 01:23.150
the short description
provided by the ATT&CK team.

01:23.150 --> 01:25.430
All this description was drafted

01:25.430 --> 01:27.860
and authored and published
by the ATT&CK team.

01:27.860 --> 01:30.785
It is based on publicly
available reporting

01:30.785 --> 01:33.510
that you yourself
can go check out.

01:36.430 --> 01:39.740
This also extends to
various other objects

01:39.740 --> 01:42.935
within ATT&CK, most
importantly, procedures.

01:42.935 --> 01:45.650
In this case, we can see
the various techniques and

01:45.650 --> 01:48.680
sub-techniques mapped
to the Turla group are

01:48.680 --> 01:51.035
all referenced back to
publicly available

01:51.035 --> 01:55.260
reporting that we can dive
into for more details.

01:57.310 --> 02:00.000
ATT&CK very much depends on and

02:00.000 --> 02:03.340
appreciates all of
the contributors.

02:04.780 --> 02:07.055
You can go to individual pages

02:07.055 --> 02:08.420
and check out the contributors.

02:08.420 --> 02:12.060
But we also have a full listing
on our contributors page.

02:12.430 --> 02:15.380
As you can see,
this list contains

02:15.380 --> 02:17.330
a lot of key industry
thought leaders and

02:17.330 --> 02:19.520
organizations which really build

02:19.520 --> 02:23.100
to the full power and
perspective of ATT&CK.

02:25.330 --> 02:27.890
This diverse
perspective results in

02:27.890 --> 02:30.425
a breadth of ideas and
operational applications.

02:30.425 --> 02:33.320
As we see the adversary
behaviors captured in ATT&CK

02:33.320 --> 02:37.770
span a wide range of
domains and ideas.

02:39.800 --> 02:42.370
With that, we've reached
our knowledge check for

02:42.370 --> 02:44.460
Lesson 1. True or false.

02:44.460 --> 02:46.720
MITRE collects
proprietary, classified,

02:46.720 --> 02:48.340
or otherwise sensitive data to

02:48.340 --> 02:50.485
use as references within ATT&CK?

02:50.485 --> 02:52.960
Please pause the video and take

02:52.960 --> 02:53.680
a moment to think about

02:53.680 --> 02:56.390
the correct answer
before proceeding.

02:59.480 --> 03:03.000
In this case, the
answer is false.

03:03.000 --> 03:05.110
As we said before, MITRE uses

03:05.110 --> 03:07.495
publicly available cyber
threat intelligence

03:07.495 --> 03:11.240
that anyone can access as
the references for ATT&CK.

03:12.380 --> 03:15.670
With that, we've reached
the end of Lesson 1.

03:15.670 --> 03:17.770
In summary, ATT&CK is built from

03:17.770 --> 03:19.950
publicly available cyber
threat intelligence,

03:19.950 --> 03:21.110
as well as insights and

03:21.110 --> 03:23.590
citable contributions from
the global community.

03:23.590 --> 03:26.960
This results in a great benefit
for ATT&CK as we capture

03:26.960 --> 03:29.210
a wide perspective of

03:29.210 --> 03:32.100
technology and
operational use cases.

