Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques

In this course, you will learn about the use of open source Blue Team Tools, and the invaluable gaps they fill in enterprise security.
Course info
Level
Intermediate
Updated
Dec 9, 2020
Duration
19m
Description

Blue Teams have one of the most challenging jobs in the world: finding the bad-actor needle in a mound of needles. Attacker techniques are continually evolving, and the threat surface and the data required for analysis are constantly increasing. In this course, Blue Team Tools: Defense against Adversary Activity using MITRE Techniques, you'll cover how to utilize Blue Team Tools to protect against, detect, and respond to targeted threat actor techniques in an enterprise environment. First, you'll learn the purpose and origin of Blue Team Tools and the functions they fulfill in modern cybersecurity organizations. Next, you'll leverage MITRE ATT&CK and Shield to get a 360-degree view of attack scenarios and of the data and capabilities you need to stop them. Finally, you'll analyze your organization's tooling gaps and how Blue Team Tools can fill them. When you're finished with this course, you'll have the skills and knowledge to leverage the Blue Team Tools skill path to enable your security organization to evolve its capabilities as fast as the threat actors you are defending against.

About the author

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation.

Section Introduction Transcripts

Course Overview
Hello, I'm Aaron Rosenmund, and welcome to Pluralsight and this course on leveraging Blue Team tools to defend against adversaries using MITRE techniques as a guideline. This course serves as the introduction to the Blue Team tools path and how to integrate those tools into your overall enterprise security strategy, from risk management to hands-on keyboard implementation, with a focus on your specific business case. Regardless of the role that you fill within security operations, you need tools to do your job. Enterprise tools are incredibly useful, but like large ships, they take a lot of time and money and contracts to pivot quickly to changing threats. Also, consider that any sufficiently advanced adversary is going to check their attacks against market-leading solutions before launching them against targets. So how do we solve this problem? Enter open source Blue Team tools. These tools can be found throughout enterprises, filling gaps in security and providing advanced defensive capabilities to keep pace with the ever-changing threat. I'm sure you have some questions: how do enterprises effectively leverage open source tools to mitigate advanced risk? How do you relate that decision to management? And most of all, how can you make an informed decision about what technical defensive capabilities you need for analysis, detection, and inspection of cybersecurity data to stay ahead of threats? I'm looking forward to answering all of these questions and more in this course, Blue Team Tools: Defense Against Adversary Activity Using MITRE ATT&CK Techniques.