Session

Agile Use Case Development With MITRE ATT&CK

Most Security Operations Centers work with use-cases to manage their detection and response capabilities. When it comes to use-case development, many organisations turn to the MITRE ATT&CK Framework as a starting point. ATT&CK is not a use-case framework, as it was originally developed as a taxonomy tool for threat intelligence, but it has valuable information we can use to identify and prioritise potential detection use-cases. Identifying the use-cases is an important first step. But how are we to ensure the use-cases are implemented in a timely fashion? We then need to prioritise and ensure that we adapt our prioritisation to changes in the threat landscape and the business environment. This is where methods and principles of agile software development can help us. In this talk I will show you how to combine a data-based method to prioritise ATT&CK techniques with ideas from agile software development for their implementation. With this approach you can ensure an efficient use of your resources and focus on the right use-cases at the right time. The agile methods will allow you to constantly grow and evolve your detection capabilities.

About the speaker

Bruno Blumenthal

Partner and Member of the Board at Temet
Bruno Blumenthal has over 20 years of experience in information security and cybersecurity. His expertise lies in security governance, strategy and organisation as well as risk management. He continuously monitors emerging trends such as cloud computing and AI to assess their impact on security organisations and their governance. As a consultant, he has developed security strategies and architectures, defined security policies and helped clients improve their security organisation across various industries. He has also been responsible for global information security in international organisations. Bruno Blumenthal is a Partner and member of the Executive Board at TEMET AG, where he helps clients navigate the challenges of cybersecurity.
Copyright © 2025 Swiss Cyber Storm