OverWatch regularly analyzes adversary behavior. The level of detail in our malicious, targeted intrusion dataset is remarkable because of the valuable and extensive telemetry delivered by the Falcon endpoint protection platform, which OverWatch uses for threat hunting. As a result, we have accumulated a massive, rich data library of malicious activity that can be mapped to the ATT&CK model.
The Falcon OverWatch team has been evaluating all OverWatch targeted intrusion data through the lens of the ATT&CK framework since Jan. 1, 2018. As a senior strategic intrusion analyst for OverWatch, I recently presented at the MITRE ATT&CK Con event.
In this video of my presentation, I share findings from the first half of the year, highlighting cases of unique adversary tactics, techniques and procedures (TTPs) the team observed. The results of this analysis provide a baseline from which we can better identify changes in threat actor TTP trends moving forward. Our results also deliver threat models that can more effectively compare TTPs among various adversary groups. This type of analysis clearly demonstrates the role CrowdStrike plays as a thought leader in understanding adversary behavior.
- Read test results for the Falcon platform on the MITRE ATT&CK Emulation website.
- Read the press release on the MITRE ATT&CK Evaluation.
- Download the white paper: “Faster Response with CrowdStrike and MITRE ATT&CK.”
- Read real-world observations from the front lines of threat hunting in the 2018 Mid-Year OverWatch Report.
- See what third-party security testers and reviewers are saying about Falcon.
- Test CrowdStrike next-gen AV for yourself: Start your free trial of Falcon Prevent™ today.