
BSides Tallinn #2: Floris Ladan - Prioritising your security work using MITRE ATT&CK


With so many attack vectors and so many detective and preventive measures available, security practitioners are swamped with decisions on what security measures to prioritise and deploy. Enabling and deploying everything available can be counterproductive and overwhelming, leading to ineffective operations with unhappy analysts and with employees rebelling against too many controls. How do you identify the most effective security measures to minimise the risk and impact of a breach without ruffling too many feathers?

One popular way of framing conversations about security coverage is by using the MITRE ATT&CK Framework and the ATT&CK Navigator. The same framework can be used to prioritise what to deploy by excluding and scoring Techniques using various methodologies. In this talk we will highlight the various ways this is done and how you can implement these prioritisation methodologies in practice to maximise the impact of your efforts.

Speaker's bio:

Floris Ladan is a security strategist at Splunk. My philosophy on creating successful and secure organizations: people first, process second and technology last. As creator of the Magma use case framework I have been specialising in value-driven security operations and security strategy, and this is what I also bring to customers as a sales engineer at Splunk. I am an experienced agile product owner for SOC teams and thrive on coaching and mentoring as a leadership style to help people and teams shine. Experience in goal-driven leadership and working under pressure in critical security situations has given me broad experience not only in incident response but also in building strategies and roadmaps to incrementally improve security strategies.

posted by gecerj