Threat hunting and adversary emulation through the MITRE ATT&CK Framework
Master Thesis
Author
Μαραγκός - Μπέλμπας, Ελπιδοφόρος
Maragkos - Belmpas, Elpidoforos
Date
2022-06
Advisor
Γκρίτζαλης, Στέφανος (Gritzalis, Stefanos)
Keywords
Blue team ; Red team ; Advanced persistent threats ; Threat intelligence ; Proactive defense ; Adversary emulation ; Attack coverage assessment ; Purple team ; Pyramid of Pain ; DetectionLab ; Atomic Red Team ; Caldera ; VECTR ; Threat detection engineering
Abstract
Nowadays, attackers are constantly trying to compromise organizations with advanced and stealthy methods. Organizations, on the other hand, try to counter these threats with reactive approaches that focus on preventing and responding to immediate incidents using cutting-edge technology solutions such as Next-Generation Firewalls, SIEMs, EDRs and IPSs.
These solutions do improve the overall security posture of the organization, but they remain ineffective against modern Advanced Persistent Threats (APTs), which are able to perform stealthy and sophisticated attacks. In recent years, proactive defense approaches such as Threat Hunting have been introduced as part of a solution to this problem: they enable organizations to quickly identify and respond to potential attacks that the security solutions in use have missed. On their own, however, they are still not good enough against APTs.
In this thesis, a hybrid proactive defense methodology is presented as a solution to this problem. It aims to improve the detection capabilities of a Blue Team by combining Threat Intelligence, Threat Hunting and Adversary Emulation through the MITRE ATT&CK Framework, and to help Blue Teams build an effective and continuous Detection Engineering process focused on combating APTs. The methodology enables Blue Teams that lack the ability or the resources to perform complex Purple Team engagements or Adversary Emulation exercises on their own to produce the necessary adversary behavior telemetry, so that they can test their existing detection capabilities and tools, identify visibility gaps within their environment, and create new detection mechanisms that help them respond to sophisticated attackers.
The final desired output of this approach is the establishment of a continuous process within the organization, based on the presented methodology, that constantly tests, measures and improves the effectiveness of the Threat Detection Engineering program and thereby the overall security posture of the organization.
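The abstract describes the core loop of the methodology: emulate adversary behavior mapped to ATT&CK techniques, check whether the telemetry was collected and whether existing detections fired, and record the gaps. The following Python is an added illustration of that attack coverage assessment step and is not code from the thesis; the ATT&CK technique IDs are real, but the emulation results, the `EmulationResult` record and the function names are constructed for this example.

```python
"""Attack coverage assessment over emulated ATT&CK techniques.

Added illustrative example (not from the thesis). All emulation results below
are constructed; only the ATT&CK technique IDs and tactic names are real.
"""
from dataclasses import dataclass


@dataclass
class EmulationResult:
    """Outcome of one emulated technique (e.g. one Atomic Red Team test)."""
    technique_id: str   # ATT&CK ID, e.g. "T1059.001"
    tactic: str         # ATT&CK tactic the test was run under
    executed: bool      # the emulation actually ran in the lab
    logged: bool        # telemetry for the behavior reached the SIEM/EDR
    alerted: bool       # at least one detection rule fired on that telemetry


# Techniques the emulation plan intended to exercise (constructed list).
PLANNED = ["T1566.001", "T1059.001", "T1053.005",
           "T1003.001", "T1547.001", "T1021.002"]

# Constructed results: T1566.001 never got a result record at all.
RESULTS = [
    EmulationResult("T1059.001", "Execution", True, True, True),
    EmulationResult("T1053.005", "Persistence", True, True, False),        # logged, no alert
    EmulationResult("T1003.001", "Credential Access", True, False, False), # no telemetry
    EmulationResult("T1547.001", "Persistence", True, True, True),
    EmulationResult("T1021.002", "Lateral Movement", False, False, False), # test did not run
]


def assess_coverage(results, planned):
    """Classify each planned technique into one of four buckets.

    detected        - telemetry collected and a detection fired
    detection_gap   - telemetry collected, but no rule fired (write a detection)
    visibility_gap  - behavior ran but produced no telemetry (fix logging first)
    untested        - no result or the emulation never executed
    """
    by_id = {r.technique_id: r for r in results}
    report = {"detected": [], "detection_gap": [],
              "visibility_gap": [], "untested": []}
    for tid in planned:
        r = by_id.get(tid)
        if r is None or not r.executed:
            report["untested"].append(tid)
            continue
        if r.alerted and not r.logged:
            # An alert without telemetry is a data-quality error, not coverage.
            raise ValueError(f"{tid}: alerted=True but logged=False")
        if r.alerted:
            report["detected"].append(tid)
        elif r.logged:
            report["detection_gap"].append(tid)
        else:
            report["visibility_gap"].append(tid)
    return report


def coverage_score(report):
    """Fraction of *tested* techniques that were detected (untested ones excluded)."""
    tested = (len(report["detected"]) + len(report["detection_gap"])
              + len(report["visibility_gap"]))
    return len(report["detected"]) / tested if tested else 0.0


def per_tactic(results):
    """Map tactic -> (detected, tested) counts for executed techniques."""
    summary = {}
    for r in results:
        if not r.executed:
            continue
        detected, tested = summary.get(r.tactic, (0, 0))
        summary[r.tactic] = (detected + int(r.alerted), tested + 1)
    return summary


if __name__ == "__main__":
    rep = assess_coverage(RESULTS, PLANNED)
    for bucket, ids in rep.items():
        print(f"{bucket:15s} {', '.join(ids) or '-'}")
    print(f"coverage of tested techniques: {coverage_score(rep):.0%}")
    for tactic, (d, t) in per_tactic(RESULTS).items():
        print(f"  {tactic:18s} {d}/{t} detected")
```

The split between `detection_gap` and `visibility_gap` is the practical point: a technique that was logged but not alerted on is fixed by writing or tuning a rule, whereas a technique that left no telemetry at all has to be fixed at the logging layer before any rule can help, and the `untested` bucket keeps the report honest about techniques the emulation never actually exercised.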