MITRE ATT&CK Framework Demonstration for ServiceNow Security Incident Response
The Now Platform connects information security professionals like security analysts, threat intelligence analysts, and CSOs with the insights they need to get work done better every day. Today we are going to look at how integrating with the MITRE ATT&CK framework does just that. We'll look at several examples of how it helps security incident handlers, threat hunters, and security leaders.

Now, this is the MITRE ATT&CK heat map and navigator, a key feature and an important tool in threat intelligence. But before we get too far, let's quickly review what MITRE ATT&CK is. The MITRE ATT&CK framework is a knowledge base of cyber attack tactics and techniques used as a foundation for the development of specific threat models and methodologies. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. It consists of the following five components. The ATT&CK model, which is the basis of ATT&CK, is the set of individual techniques that represent actions that adversaries can perform to accomplish objectives. The ATT&CK matrix is the relationship between tactics and techniques, and can be visualized in the ATT&CK matrix. Tactics represent the "why" of an attack technique: it is the adversary's tactical objective, the reason for performing an action. Techniques represent "how" an adversary achieves a tactical objective by performing an action. And procedures are the specific implementation the adversary uses for techniques or sub-techniques.

Now let's go ahead and see how our security analysts could use MITRE ATT&CK in responding to a security incident. Right away we can see that this is a spear-phishing email. In addition to the typical triage information, we have immediate access to MITRE ATT&CK data and the ability to provide additional mappings. The MITRE ATT&CK tactics and techniques data was automatically mapped and associated when our security incident was created, based on the category "phishing". When we select the links provided to us in this card, we can perform further investigation, and we can adjust how the data is presented in our security incident. We have provided a list of associated observables, but they could use more context, couldn't they? We can see what the observable is, its type, and whether or not it's malicious. The MITRE ATT&CK data allows additional context by associating tactics and techniques data. These tactics and techniques can be extracted automatically when supplied by sensors and threat sources, and we can also associate the tactics and techniques manually if needed.

While the security analyst works on a few incidents at a time, the threat intelligence analyst often works from the very top down. The data in the security analyst's incident, and every incident, is mapped against attack patterns here in this heat map. This makes it easier for threat intelligence analysts to oversee the presence of a threat and how their organizations are addressing it. The MITRE ATT&CK heat map and navigator allows threat intelligence analysts to view how their organizations are handling threats and helps them perform threat hunting activities. Using filters, the threat intelligence analyst is able to quickly and easily see data pertinent to their investigation. I can toggle on a few options, and even if very little data is available, we can begin the search and have the ability to see correlations and associations that may not have been so easily apparent. We have a variety of filters that come out of the box to help isolate the data we're looking for. We can use these filters to quickly see where and what things attackers may be concentrating on within our environment. By simply selecting one of the links on the form, we can easily expand our investigations by opening any of the records that are provided to us. On this attack pattern we're provided with a variety of different data about this particular technique, including the different adversary groups that use it.

In addition to this powerful new MITRE ATT&CK heat map and navigator, we can also view this data through the STIX visualizer. This feature gives us a quick and easy way to see relationships between an intrusion set and the malware, attack patterns, and tools that they use.

With both analysts hard at work, let's go ahead and go back to take a look at how security leaders like a CISO can use MITRE ATT&CK to assist in the management of their security programs. The MITRE ATT&CK heat map and navigator are an excellent place to understand how various defensive systems are performing and identify where there may be gaps. We can gain immediate visibility into patterns where the department is seeing any concentration of incidents or is dealing with any relevant vulnerabilities. It also provides a quick visual of the current security posture for detecting and defending against each of these attack techniques. All of this helps the CSO understand where investments of time and resources are most needed in order to thwart the attack patterns that impact the organization the most.

That was a brief look at the MITRE ATT&CK framework that is now available for ServiceNow Security Incident Response. Thank you.
https://www.youtube.com/watch?v=o7caF8bV0GQ
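The demo describes three things the platform does with ATT&CK mappings: each incident carries techniques (mapped automatically from its category or added manually), the navigator rolls every incident up into a heat map with filters, and the security leader reads detection gaps off that heat map. The script below is an added example of that pipeline, not ServiceNow's code or API and not taken from the video: the incident records, the detection list and the technique-to-tactic table are constructed (the technique IDs are real ATT&CK IDs, but the tactic chosen for each is a constructed subset). The output dict is shaped like an ATT&CK Navigator layer as that format is generally known; treat the exact keys as an assumption and the version strings as placeholders.

```python
"""Aggregate incident-to-ATT&CK mappings into a heat map and a Navigator-style layer.

Added example: the incident records, detection list and technique metadata
below are constructed; nothing here is ServiceNow data or ServiceNow's API.
"""
import json
from collections import Counter

# Constructed technique metadata: ID -> (name, tactic). The IDs are real ATT&CK
# enterprise techniques; the single tactic listed per technique is a constructed
# subset for the example.
TECHNIQUES = {
    "T1566.001": ("Spearphishing Attachment", "initial-access"),
    "T1566.002": ("Spearphishing Link", "initial-access"),
    "T1204.002": ("User Execution: Malicious File", "execution"),
    "T1059.001": ("PowerShell", "execution"),
    "T1078": ("Valid Accounts", "defense-evasion"),
}

# Constructed security incidents. Each carries the techniques mapped to it, either
# automatically from the category (as the demo shows for phishing) or manually.
INCIDENTS = [
    {"number": "SIR0001001", "category": "phishing", "source": "auto",
     "techniques": ["T1566.001", "T1204.002"]},
    {"number": "SIR0001002", "category": "phishing", "source": "auto",
     "techniques": ["T1566.002"]},
    {"number": "SIR0001003", "category": "phishing", "source": "manual",
     "techniques": ["T1566.001", "T1059.001"]},
    {"number": "SIR0001004", "category": "unauthorized access", "source": "manual",
     "techniques": ["T1078"]},
]

# Constructed set of techniques the organisation already has a detection for.
DETECTIONS = {"T1566.001", "T1566.002", "T1078"}


def build_heatmap(incidents, source=None):
    """Count incidents per technique. `source` ("auto" or "manual") filters on how
    the mapping was made, standing in for the navigator's out-of-the-box filters."""
    counts = Counter()
    for inc in incidents:
        if source is not None and inc["source"] != source:
            continue
        for tid in set(inc["techniques"]):  # an incident counts once per technique
            counts[tid] += 1
    return dict(counts)


def by_tactic(heatmap):
    """Roll technique counts up to the tactic level (the 'why' columns of the matrix)."""
    totals = Counter()
    for tid, n in heatmap.items():
        totals[TECHNIQUES[tid][1]] += n
    return dict(totals)


def coverage_gaps(heatmap, detections):
    """Techniques seen in incidents that have no detection, most frequent first:
    the gaps a security leader would prioritise for investment."""
    gaps = [(tid, n) for tid, n in heatmap.items() if tid not in detections]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))


def to_navigator_layer(heatmap, detections, name="Incidents by technique"):
    """Build a dict in the ATT&CK Navigator layer shape (assumed keys): score is the
    incident count, and undetected techniques get a comment. Versions are placeholders."""
    techniques = []
    for tid, n in sorted(heatmap.items()):
        techniques.append({
            "techniqueID": tid,
            "tactic": TECHNIQUES[tid][1],
            "score": n,
            "comment": "" if tid in detections else "no detection coverage",
        })
    return {
        "name": name,
        "versions": {"attack": "ATTACK_VERSION_PLACEHOLDER",
                     "navigator": "NAVIGATOR_VERSION_PLACEHOLDER",
                     "layer": "LAYER_VERSION_PLACEHOLDER"},
        "domain": "enterprise-attack",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"],
                     "minValue": 0,
                     "maxValue": max(heatmap.values(), default=0)},
    }


if __name__ == "__main__":
    hm = build_heatmap(INCIDENTS)
    print("per technique:", hm)
    print("per tactic:", by_tactic(hm))
    print("undetected, by frequency:", coverage_gaps(hm, DETECTIONS))
    print(json.dumps(to_navigator_layer(hm, DETECTIONS), indent=2))
```

The `source` filter reproduces the analyst's view (only sensor-supplied mappings, or only manual ones), `by_tactic` gives the top-down view the threat intelligence analyst starts from, and `coverage_gaps` is the CISO's list: techniques the organisation is actually being hit with but cannot yet detect.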