Posts by VanVleet

- Compound Probability: You Don't Need 100% Coverage to Win
  Why you don't need to have 100% attack surface coverage to have a strong chance of detecting attackers in your enterprise.
  Sep 5

- Mistaken Identification: When an Attack Technique Isn't a Technique
  What ATT&CK Gets Wrong About PowerShell & Company
  Jul 11

- DDM Use Case: What ATT&CK Gets Wrong about Process Injection
  In this post I'll demonstrate the value of detection data models (DDMs) for mapping attack techniques with process injection as a use case.
  Mar 7

- Improving Threat Identification with Detection Data Models
  This article is part of a series on Threat Detection. In this post, I'll present a simplified approach to Detection Data Models and…
  Feb 26

- Identifying and Classifying Attack Techniques
  In this post, we'll focus on the challenge of identifying and classifying events in order to detect a given attack technique.
  Feb 14

- The Threat Detection Balancing Act: Coverage vs Cost
  Detection capacity is finite and the attack surface large. Engineers should maximize coverage and minimize cost for each deployed…
  Jan 23

- The Relative Strengths of Threat (Detection|Hunting)
  Using Threat Hunting and Threat Detection where they have relative advantages to build the most effective Detection/Hunt program.
  Jan 23

- Threat Detection Strategy: A Visual Model
  A visual model to illustrate a winning strategy for detecting threats in your enterprise.
  Jan 23

- Threat Detection Engineering: The Series
  This series is an attempt to step back from the day-to-day efforts and think about the core concepts and principles of Threat Detection and…
  Jan 23