Learn how to detect an attacker’s actions on your network using the MITRE ATT&CK Framework.
When an organization is breached, attackers will remain on networks for months before being detected. Once the attacker has been detected, there are a myriad of questions to answer:
• How did the attacker enter the network?
• How is the attacker moving around on the network?
• What action is the attacker taking while on the network?
For an experienced professional, many of the questions are second nature. However, mapping your training to the MITRE ATT&CK (Adversarial Tactics, Techniques, & Common Knowledge) Framework ensures that these questions are not only asked but answered as well.