Measuring Cyber Defense with the MITRE Framework


View Recording



View Slides


The MITRE ATT&CK framework provides a common taxonomy for adversary behaviors. Based on this body of knowledge, detection capabilities can be measured, tracked and compared. These capabilities are often measured at an atomic level. However, real adversaries combine multiple steps in an attack flow. To address this MITRE created the Attack Flow project. Its goal is to develop a data format to describe the sequence of adversary behaviours.

We will take a deep dive into the current state of the art of tools and processes. Here we show what is possible and where the current limitations of the frameworks are. Participants will be able to utilize future methodologies to measure the effectiveness of the information security of their systems.

Marcus Osterloh

Marcus is a security consultant in his own company with the focus on the combination of attack and defense.

He is passionate in deep dive anlysis of security relatied things and automating stuff. For this purposes Python is always a good friend.

In his former life he studied computer science and IT security. During this time he worked in different scientific projects and researched topics like malware analysis and reverse engineering.

After that he focused on the offensive site of cyber security, while he developed his own toolsets for the sake of efficiency and fun.