
Tidying up your nest: Validating ATT&CK technique coverage using EDR telemetry

Endpoint Detection & Response (EDR) telemetry offers defenders a powerful tool for catching threats. However, understanding how to validate ATT&CK technique coverage using EDR telemetry can be a challenge.

On-Demand

50 mins.

Virtual

As Detection Validation Engineers at a Managed Detection & Response (MDR) provider that ingests nearly a petabyte of endpoint telemetry every day, we’re in the unique and necessary position to analyze EDR telemetry at scale and validate its efficacy against common adversary tradecraft.

After providing a brief introduction to EDR telemetry, we’ll discuss how to break ATT&CK techniques down to individual data components, perform functional tests, analyze the ways that specific actions translate to telemetry records, and compare this analysis across different EDR sensors.

Join us and learn:

  • The tooling to assist in running these tests and analyzing the resulting telemetry
  • How security teams can improve their own functional testing efforts by creating an automated validation workflow
  • How this approach has enabled us to more effectively understand and use EDR telemetry, highlighting where this telemetry excels and fails at detecting ATT&CK techniques

Finally, we’ll talk about how you, too, can get started with validating your systems and why ATT&CK is a useful framework in discussing validation.
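The validation workflow outlined above, as an added illustration (this is example code, not material from the webinar or from Red Canary): a small check that maps a technique to the data components a functional test should produce, scores each sensor's telemetry against that list, and reports what each sensor missed so gaps can be compared across sensors. The technique-to-component mapping, the sensor names and the telemetry records are all constructed for the example, and it assumes a test harness has already attributed each record to the technique under test.

```python
"""Added example: score EDR telemetry from several sensors against the
data components each ATT&CK technique is expected to produce."""

# Illustrative mapping of a technique to the data components a functional
# test for it should generate (constructed for this example).
TECHNIQUE_COMPONENTS = {
    "T1059.001": {"Process Creation", "Command Execution", "Script Execution"},
    "T1053.005": {"Process Creation", "Scheduled Job Creation"},
}

# Constructed telemetry as two hypothetical sensors might emit it after the
# same functional tests. A real harness would attribute records to a test
# run by host and time window; here the technique label is already attached.
TELEMETRY = {
    "sensor_a": [
        {"technique": "T1059.001", "component": "Process Creation"},
        {"technique": "T1059.001", "component": "Command Execution"},
        {"technique": "T1053.005", "component": "Process Creation"},
        {"technique": "T1053.005", "component": "Scheduled Job Creation"},
    ],
    "sensor_b": [
        {"technique": "T1059.001", "component": "Process Creation"},
        {"technique": "T1059.001", "component": "Script Execution"},
        {"technique": "T1053.005", "component": "Process Creation"},
    ],
}


def observed_components(records):
    """Group the data components a sensor actually emitted, by technique."""
    seen = {}
    for rec in records:
        seen.setdefault(rec["technique"], set()).add(rec["component"])
    return seen


def coverage_report(expected, telemetry):
    """For each sensor and technique, give the fraction of expected data
    components observed and list the ones that never showed up."""
    report = {}
    for sensor, records in telemetry.items():
        seen = observed_components(records)
        report[sensor] = {}
        for technique, needed in expected.items():
            got = seen.get(technique, set()) & needed
            report[sensor][technique] = {
                "ratio": len(got) / len(needed),
                "missing": sorted(needed - got),
            }
    return report


def sensor_gaps(report, technique):
    """Side-by-side view of what each sensor missed for one technique."""
    return {s: r[technique]["missing"] for s, r in report.items()}
```

Running `coverage_report(TECHNIQUE_COMPONENTS, TELEMETRY)` shows sensor_a missing Script Execution for T1059.001 while sensor_b misses Command Execution for the same technique and Scheduled Job Creation for T1053.005; `sensor_gaps` puts those differences next to each other for comparison.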

 
Adam Ostrich
Senior Detection Validation Engineer
Adam is passionate about the intersection of technology and human behavior that encompasses cybersecurity, and he enjoys writing software and automating human processes in ways that are both user-friendly and robust. After nearly a dozen years working for the DoD, he joined Red Canary in 2022, where he builds tools, analyzes EDR telemetry, and works across different groups to improve Red Canary’s detection engine and processes.
 
Jesse Brown
Senior Detection Validation Engineer
Jesse works alongside a talented team dedicated to quickly identifying and remediating threats in customer environments. He enjoys dissecting malware and adversary techniques to help improve the Red Canary detection engine. Jesse holds a Master of Professional Studies in Cybersecurity and Information Assurance from The Pennsylvania State University. In his spare time, he enjoys restoring old cars and spending time with his family.