Detection: Challenging Paradigms

Episode 37: Steve Luke and Roman Daszczyszak

Dec 22, 2023

MITRE's Center for Threat Informed Defense (CTID) members discuss Summiting the Pyramid project, analyzing adversary behaviors in cyber, trade-offs in attack analysis, making analytics robust, evasion and false positives in detection, balance between precision and recall, and encouraging user feedback.

01:12:10

Creator website

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Summiting the Pyramid project by MITRE's CTID provides a unified method of grading detection efficacy, allowing for improved detection programs in organizations.

Comprehending adversary behaviors is crucial for enhancing detection practices and building stronger defenses.

Going beyond surface-level detections and focusing on behaviorally-focused analytics can improve detection effectiveness and the understanding of different levels of the pyramid of pain and attack framework.

Deep dives

Analyzing cyber defenses and creating robust detections

The podcast episode focuses on creating robust and well-thought-out detections. The guests, Steve and Roman from MITRE's Center for Threat and Form Defense, discuss the summoning the pyramid project and its goal of improving understanding and implementation of robust analytics. The project breaks down analytics into different components, such as observables and telemetry sources, to evaluate their robustness. They use a 2D model to map the levels of analytics and event robustness, allowing for a more precise scoring and categorization of analytic effectiveness. By considering factors like data sources, behavior, and sensor robustness, defenders can develop more effective and resilient detection strategies.

The Probability of Zero False Positives

01:20

The Role of Analytics in Analytics

01:20

The Purpose of Summoning the Pyramid

01:20

The Importance of Robustness

01:20

Introduction

2min

Applying knowledge of adversary behaviors in cyber

18min

Trade-offs in Analyzing Adversarial Attacks

17min

Analytic Robustness and Resilience

26min

Evasion, Exclusion Clauses, and False Positives in Detection

4min

Trade-off between Precision and Recall in the Classic Rock Curve

3min

Encouraging the use of 'somebody in the pyramid' system and user feedback

2min

The Summiting the Pyramid project by MITRE's Center for Threat Informed Defense (CTID) released in September 2023, allowing for a unified method of "grading" detections for efficacy. Two of the pivotal members of that project join Jared and Luke to talk about how it came to be, and how it can be used to further the detection program of any organization!

Project Links:

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Detection: Challenging Paradigms

Episode 37: Steve Luke and Roman Daszczyszak

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Analyzing cyber defenses and creating robust detections

The importance of understanding adversary behavior

Analyzing the pyramid of pain and attack framework

The importance of analyzing file play

Balancing recall and precision in analytics

The Probability of Zero False Positives

The Role of Analytics in Analytics

The Purpose of Summoning the Pyramid

The Importance of Robustness

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Detection: Challenging Paradigms

Episode 37: Steve Luke and Roman Daszczyszak

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Analyzing cyber defenses and creating robust detections

The importance of understanding adversary behavior

Analyzing the pyramid of pain and attack framework

The importance of analyzing file play

Balancing recall and precision in analytics

The Probability of Zero False Positives

The Role of Analytics in Analytics

The Purpose of Summoning the Pyramid

The Importance of Robustness

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights