Over the past several months, Duke's Information Technology Security Office (ITSO) has begun applying the MITRE ATT&CK framework as the basis for how the team collects, assesses, identifies, and responds to attacker tactics, techniques, and procedures (TTPs). As the team rolls out new processes to "hunt" for attackers, a model that shifts its primary functions from defensive/reactive to offensive/proactive, it will need to incorporate both real-time and longitudinal data analytics and to automate responses driven by those analyses. Orchestrating the various tools and the analysis of their data will make it possible to automate responses to attacker incursions. Given the volume of data and the speed at which responses are needed, machine learning techniques will be a necessary component.
Project Leads: Phillip Batton, Nick Tripp
Project Manager: Joao Alberto Capanema Mansur