I'm a security analyst, and my hope for this channel is to make videos that can help educate others to have a rudimentary understanding of more complex topics within the field.
This video from Cyber Gray Matter explains the MITRE ATT&CK framework, a tool used to understand cyber adversaries' tactics, techniques, and common knowledge. It's beneficial for professionals, students, and businesses, aiding both blue (defensive) and red (offensive) teams in cybersecurity. The video covers how to use the framework, search for vulnerabilities, and its applications in real-world scenarios. Takeaways 😀 The video introduces the MITRE ATT&CK framework, aiming to make it accessible to beginners and those unfamiliar with cybersecurity jargon. 🏢 MITRE Corporation, a not-for-profit organization in Bedford, Massachusetts, developed the ATT&CK framework. 💡 'ATT&CK' stands for Adversarial Tactics, Techniques, and Common Knowledge, focusing on how attackers operate and the techniques they use. 🌐 The framework is based on real-world data and reports submitted by users and researchers, making it a public resource. 💻 Both professionals and students can benefit from the MITRE ATT&CK framework, which is designed to be user-friendly even for those without dedicated cybersecurity teams. 🛡 The framework is used by both 'blue teams' (defenders) and 'red teams' (offensive security testers) to understand and counteract cyber threats. 🔍 Frameworks in cybersecurity, like grammar in language, provide a common language and understanding for various stakeholders. 🔗 MITRE ATT&CK is open and accessible, helping businesses and professionals protect themselves by understanding common vulnerabilities and threats. 💻 The framework covers not only Windows but also includes information on Linux, Mac, Android, and iOS, making it versatile for various platforms. 🔎 The MITRE website provides a searchable matrix of tactics, techniques, and procedures used by different threat groups, aiding in understanding specific attack patterns. 🔧 Tools like MITRE Detect and Atomic Red Team can be used to map data sources and emulate adversary techniques, helping to strengthen network defenses.
Awesome video. I have my comptia security+ coming up. I understand how the OSI model works but I didn't have a vision of the attack surface. This really helped. Thanks.
This video is good, but next-gen AV has leveraged behavioral detection for zero-days for a long time - well before EDRs came on the scene. The real distinction between an NGAV and an EDR is that NGAV tries to take a black-and-white approach - it is or is not malicious. If a threat is classified as malicious (by actual signature-type detection or by hitting some statistical threshold in behavioral detection) the threat will be blocked and quarantined. The difference with EDR is in the name - EDR will also notify (Detect) about "grey area" potential threats that can't be confidently classified as malicious, and provide the telemetry (events) needed so that a human can investigate and make a decision. EDRs also provide post-attack remediation (Response) tools such as device isolation, remote shells, etc. Good EDR solutions include comprehensive NGAV so that you don't waste a lot of time chasing potential threats that could easily have been blocked by an NGAV.
Thanks for your comment! I'd say study for the Security+ and get some projects going. Set up a cloud environment and find some labs on RU-vid. You can add those as experience to your resume! :)
@@animeoverlord8327 That's amazing! Congratulations!!! Definitely check out Josh Madakor here on RU-vid. He has some awesome labs, one of which you set up a vulnerable machine in Azure and let people attack it. You can view the security events in Windows and set up a map with Powershell. It's really thrilling. Also, make sure to create a LinkedIn profile and create a network with other security professionals by adding them there.
Hey thanks for your videos it was very helpful. ❤I have been worked as a senior security analyst but now I have a career gap wish to reenter cyber security field . So updating my skills can you suggest some tips like what as all skills to be covered to getting back to this field . Can You make a video on typical day in life of a security analyst . And also cover topics like Demo of SIEM tool
Thanks for your support! I can definitely make a video of a day in the life and what to expect as an analyst. It might be broader, as analysts often time wear many hats. This would also cover suggestions for the gaps you referenced. I will also do some research on SIEM labs I could set up.
Clear and crisp information, I was looking for something like this for a long time, thank you so much for sharing.. Already subscribed to your content.. 🙂
Hi, just want to say your videos are really good. Please keep them coming. I watch a few cyber sec pages and you have better content than some of the more popular RU-vidrs. Thanks for the content!
Came across your channel through your last video on Threat Hunting, and I have to say, I feel lucky to have stumbled across your channel. Regardless of the complexity of the topic, your explanations are crystal clear. Love your video on the Diamond Model as well. This is a great amount of quality for a "smaller" channel. Looking forward to your next videos and seeing this channel grow. :)
