Blue Team

MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data – Mike Nichols – PSW #651

May 15, 2020

Sponsored By

Visit for more information!

In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, It's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position.

To learn more about Elastic Security, visit: for all the latest episodes!
Full Episode Show Notes

MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data

Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results:


[caption id="attachment_210" align="alignleft" width="120"]Jeff Man Jeff Man - Sr. InfoSec Consultant[/caption] [caption id="attachment_210" align="alignleft" width="120"]Larry Pesce Larry Pesce - Senior Managing Consultant and Director of Research[/caption] [caption id="attachment_210" align="alignleft" width="120"]Lee Neely Lee Neely - Senior Cyber Analyst [/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadoorian Paul Asadoorian - Founder & CTO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Tyler Robinson Tyler Robinson - Managing Director of Network Operations[/caption]


[caption id="attachment_210" align="alignleft" width="120"]Mike Nichols Mike Nichols - Head of Product, Elastic Security [/caption]


  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting and clicking the button to join the list!

[audio src=""]

prestitial ad