McLean, VA | October 28-30, 2019

As one of MITRE’s proud supporters, Red Canary is thrilled to join some of the brightest minds in security for the second annual ATT&CKcon. This hybrid online and in-person conference includes a variety of presentations and practical training.

Stop by the Red Canary booth to pick up a t-shirt and talk with our team about how we integrate ATT&CK. And don’t miss our two educational talks by Keith McCammon and Tony Lambert! Details are below.

Tony Lambert, Detection Engineer

Alertable Techniques for Linux Using ATT&CK

Tuesday, October 29 | Morning Session

Not every ATT&CK technique is alertable and not all of them provide the same value for immediate detection. This session will introduce the concept of alertable detections using Linux ATT&CK techniques as a case study.

Get to know Tony


Keith McCammon, CSO & Co-founder

Prioritizing Data Sources for Minimum Viable Detection

Wednesday, October 30 | Morning Session

ATT&CK includes a list of the data sources necessary to observe an adversary leveraging a given technique. But in the same way you can’t build alerts for every technique, you can’t gain access to every data source. How do you effectively prioritize data sources to get the best returns on your visibility investments?

Get to know Keith


Brian Donohue, Research Production Manager

A Love Song for Heat Maps

Wednesday, October 30 | Lightning Talk

This talk will explore how security professionals can turn their internal security data into community intelligence that enumerates the threats that occur most often, enabling us all to establish data-based priorities that guide the way we spend our money and time—whether we’re buying, developing, or selling security tools.

Get to know Brian
ATT&CK™ Is Only as Good as Its Implementation: Avoiding Five Common Pitfalls
Getting Started with ATT&CK? New Report Suggests Prioritizing PowerShell
MITRE ATT&CK Deep Dive: Persistence
First Look: 2020 Threat Detection Report