10:45 AM - 11:10 AM (PDT)
Mind the Gap: From CTI to Defensive Improvements with Community Resources

Identifying adversary behaviors that matter to your organization has always been a difficult task. The purpose of this talk is to help close that gap by exploring adversary behaviors communicated through MITRE ATT&CK and Tidal Cyber. Traditionally, teams have had to wade through large volumes of unstructured CTI to surface the most relevant groups, software, or campaigns, adding so much time that the exercise becomes prohibitive. We will show how structured metadata around threats, such as motivations, sectors, and victim locations unlocks achievable "threat profiling", and how pivoting to relevant techniques, defenses, & tests (and more) allows teams to actually take action in line with their unique profile.


  • Narrow down threats through freely available Tidal Cyber community edition
  • Easily find overlap across identified threats and explore which products have capabilities to test or defend against
  • Expand your knowledge base via Technique Sets and capture important information such as procedures


Session Survey