Center for Threat-Informed Defense:
Asia-Pacific 2024 Event

Asia-Pacific ATT&CK Community Workshop

April 25-26, 2024
SINGAPORE | Online

We are grateful to our sponsors and everyone who participated in the 2024 Asia-Pacific ATT&CK Community Workshop.

2024 marked the inaugural event, during which regional security operations practitioners and avid users of MITRE ATT&CK gathered in Singapore to network, learn, and advance threat-informed defense through hands-on training and practitioner-led lightning talks.

Presenters from across the Asia-Pacific region shared their work related to ATT&CK, whether best practices, worst practices, or something completely different.

We invite you to watch and share these insightful talks!

Explore the talks from the 2024 Asia-Pacific ATT&CK Workshop on our YouTube playlist.

PRESENTATIONS

CHANGING THE GAME THROUGH GLOBAL COLLABORATION

Jon Baker, Speaker

Join Jon Baker, Director and Co-Founder of the Center for Threat-Informed Defense, as he outlines what threat-informed defense is and how, through a collaborative R&D model built on the ATT&CK framework, we are together changing the game on the adversary through global collaboration.

ATT&CKING THE OPERATOR: DISRUPTING THE RANSOMWARE PARADIGM SHIFT

Speaker: Nick Lowe
Senior Director, Intelligence Services, Recorded Future

The frequency and severity of criminally motivated cyber attacks continue to surge as adversaries accelerate their operational tempo. As the barriers to entry for ransomware operators continue to lower, criminal adversaries increasingly favor extortion over encryption, and their reliance on malware diminishes. With more and more ransomware intrusions involving no ransomware binary at all, defenders face a paradigm shift that necessitates a new approach to ransomware mitigation.

Learn how defenders can leverage the MITRE ATT&CK Enterprise framework to focus defensive efforts on understanding and frustrating the human on the other side of the keyboard, stopping criminal adversaries in their tracks by proactively hunting operator behaviors rather than malware.

HOW TO CONDUCT THREAT HUNTS WITHOUT A THREAT HUNT TEAM

Speaker: Jeremy Ang
Senior Threat Intelligence Analyst, ICE

In recent years, the cost and impact of security breaches have been increasing while, conversely, adversary breakout time has been decreasing. To address emerging cyber threats, organizations have started to adopt a more proactive approach to cyber defense: enter threat hunting. This talk covers the people, process, and tools applied in an internal threat hunt initiative. By leveraging the MITRE ATT&CK framework, we share some quick wins that organizations with or without a threat hunting program can immediately implement within their environment.

PURPLE TEAMING WITH ATTACK FLOW

Speaker: Denise Tan
Red Team Analyst, Citi

Explore a new way of conducting purple teaming by incorporating MITRE CTID’s Attack Flow into your methodology. Shift from looking at TTPs as siloed test cases to looking at TTPs from an attack flow perspective. By examining gaps in the flow, defenders are better equipped to decide which parts of the attack campaign to prioritize their resources on, efficiently improving the organization’s security posture. The presentation showcases a sample attack flow based on an example purple team exercise that emulates a specific APT group.

M3ASURING THE THREAT: UNDERSTANDING AND IMPROVING DETECTION COVERAGE USING MITRE ATT&CK

Speaker: Raymond Schippers
Engineering Director – Threat Detection and Response, Canva

Speaker: Jasmina Zito
Cyber Threat Intelligence Lead, Canva

Raymond and his team have been exploring how to leverage ATT&CK to enable cyber threat intelligence that can drive threat detection coverage priorities. By using ATT&CK as a common language between various teams, they can measure their detection coverage, prioritize threat detection, and enhance reporting to the business. This approach has proven to be very effective in improving the measurability and performance of threat detection.

THE MAGIC OF CROSS PLATFORM THREAT DETECTION

Speaker: Till Jager
Collective Cyber Defense Customer Advocate, SOC Prime

Learn how the new open-source language for collective cyber defense, RootA, accelerates threat detection engineering in the light of threat-informed defense, and how it complements existing approaches like Sigma.

EVOLVING THREATS: KEEPING UP WITH THE CHAMELEONS

Speaker: Ye Yint Min Thu Htut
Offensive Security Specialist, DBS Bank

Adversary tactics, techniques, and procedures (TTPs) are constantly evolving. Simply validating and preventing previously known techniques, based on past campaigns, may not be comprehensive. Identifying and tracking potential variant techniques has become essential, enabling us to go beyond covering known techniques. However, identifying and tracking these variant techniques at a granular level presents challenges. This presentation discussed potential solutions and shared approaches to addressing these challenges.

[Provided for reference only. Shared Content Not Available]

SELECTIVE SIMULATION: TAILORING ATT&CK TECHNIQUES TO YOUR THREAT LANDSCAPE

Speaker: Guillaume Brodar
Cyber Threat Intelligence Lead, DBS Bank

The ATT&CK dataset provides an extensive list of TTPs that can be used to simulate the behavior of Threat Actors within a controlled environment and validate their associated preventive and detective measures.

This presentation argued that the number of TTPs in the ATT&CK corpus, and the number of technical implementations of each, is too large to be covered efficiently, and that prioritization is therefore needed. It then introduced a scoring method that classifies threat actors according to their intent and capabilities. This scoring serves as a basis to evaluate and rank the importance of each TTP deployed by the threat actors most likely to affect our organization.

The resulting classification is a list of TTPs to be prioritized by both Red and Blue Teams. A gap analysis of each side’s capabilities then drives purple teaming efforts on an iterative basis.

[Provided for reference only. Shared Content Not Available]

MITRE ATT&CK® ROADMAP

Speaker: Amy Robertson
ATT&CK Engagement Lead, MITRE

Join Amy Robertson, ATT&CK Engagement Lead, as she outlines the 2024 ATT&CK Roadmap to bolster broader usability and enhance actionable defensive measures for practitioners across every domain.

OPERATIONALIZING A DEDICATED CYBER ANALYTICS ENGINE (CAE) FOR ADVANCING ARTIFICIAL INTELLIGENCE THREAT-INFORMED DEFENSE

Speaker: Neo Lam
Partner, Cyber Detect & Response, Deloitte

AI-based methods can address the shortcomings of rule-based detection methods and make threat detection more robust and reliable. This presentation shares an example of training and operationalizing a dedicated artificial intelligence (AI) model and a Cyber Analytics Engine (CAE) for threat detection, which improves detection and response. To advance threat-informed defense, the model is trained to present a confidence level and probability for each TTP it detects. The use of AI models could reduce the risk from both the known TTPs within the MITRE ATT&CK framework and the unknowns.

[Provided for reference only. Shared Content Not Available]

GPT-POWERED MITRE ATT&CK COPILOT

Speaker: Steve Ng
Co-Founder and CEO, SporeX

This workshop explores the groundbreaking integration of Generative Pre-trained Transformer (GPT) technologies with the ATT&CK framework, highlighting its potential to revolutionize cybersecurity defense mechanisms, threat intelligence analysis, and incident response strategies. As cyber threats become increasingly sophisticated, leveraging advanced technologies like GPT to enhance the MITRE frameworks such as ATT&CK for enterprise, mobile, and ICS can significantly augment an organization’s ability to understand, predict, and mitigate cyber threats. The integration of AI and machine learning offers unprecedented opportunities for automating threat intelligence, enhancing decision-making processes, and developing more resilient cybersecurity postures.

ATT&CK SIMULATION – DEMOCRATIZING THE RED TEAM TOOLKIT FOR ALL DEFENDERS

Speaker: Mitch Ryan
Security Solutions Architect, Splunk

In an era of constantly evolving cyber threats, it’s crucial to stay ahead of adversaries. Join Mitch as we explore how the blue team can use open-source toolkits that leverage MITRE ATT&CK to build a threat-informed defense.

Attack simulation democratizes the red-team process, giving all blue team defenders the ability to think like an attacker by applying simulated attacks to purpose-built infrastructure. This builds organizational intelligence that helps teams understand, detect, and defend against contemporary attacks.

Learn how to use open-source tools to simulate attacks, train your teams, learn security techniques, and apply an assume-breach mindset, in the safety of a purpose-built isolated environment.

FURTHER POWERING UP ATT&CK POWERED SUIT WITH GENAI

Speaker: Toshitaka Satomi
Cyber Threat Intelligence Researcher, Fujitsu

ATT&CK Powered Suit (APS) is a groundbreaking browser extension designed for rapid access to and use of the MITRE ATT&CK Knowledge Base. Join the tool’s initial developer, Toshitaka, as he begins by outlining the current status and functionality of APS, highlighting its significance in the cybersecurity landscape. After sharing the development journey of APS, Toshitaka details the challenges encountered, the strategic decisions made, and the unique insights gained from the perspective of its creators.

Toshitaka implemented the integration with OpenAI in the latest APS version and used the tool to test whether his hypothesis was correct. Through this practice, he explains the practical applications of these capabilities, addresses the challenges they face, and provides recommendations for overcoming these obstacles.

Finally, Toshitaka explains the big picture of APS and AI, as well as future research challenges.

APPLYING THREAT-INFORMED APPROACH FOR FIT-FOR-PURPOSE CYBERSECURITY TARGET MATURITY SETTING FOR ORGANISATIONS

Speaker: Ray Zhou
Lead Cyber Security Consultant, Ensign Infosecurity

Senior executives are challenged with limited budgets, talent shortages, and increasing expectations from their organization’s stakeholders to do more for cybersecurity in the wake of recent high-profile cybersecurity incidents. The common question for the executives accountable and responsible for cybersecurity is: where to begin?

UPDATES FROM THE CENTER FOR THREAT-INFORMED DEFENSE

Speaker: Suneel Sundar
Director, Research and Development, Center for Threat-Informed Defense

The Center for Threat-Informed Defense released five new projects in the first quarter of 2024, and this momentum will carry through the calendar year. You can use the Center’s latest research to advance your understanding of insider threats, make data-driven decisions about your defenses, search and explore a rich corpus of security capabilities mapped to MITRE ATT&CK®, and measure your threat-informed defense. Join Suneel Sundar, Center Director, Research & Development, as he outlines the Center’s 2024 Roadmap.

SPONSORS

The Asia-Pacific Community Workshop was brought to you by the Center for Threat-Informed Defense and hosted by Citi Group, a Center for Threat-Informed Defense Research Partner, with the generous support of the following sponsors and supporters.

Acronis
Deloitte
Fortinet
Lloyds Banking Group
SOC Prime

SUPPORTERS

Acronis
CREST
FIRST (Forum of Incident Response and Security Teams)
MITRE
OT-ISAC (Operational Technology Information Sharing and Analysis Center)
SGTech