Decoding Cyber Threats: A Practical Guide to Using Attack Trees

Speakers: Gert-Jan Bruggink (Venation, NL), Sherman Chu (Deloitte, US) Gert-Jan Bruggink specializes in helping leaders make informed decisions on risk to prioritise security investment. He supports teams all over the world in understanding adversary tradecraft through threat-informed security programs and providing leaders actionable threat intelligence products. Gert-Jan founded boutique firm ‘Venation’ to pioneer the field of structured threat content through cyber threat intelligence subscription and advisory services. Previously, Gert-Jan co-founded innovative start-ups, fulfilled a cyber threat intelligence leadership role at a Big Four accounting firm, and held security engineering roles at a security integrator. Sherman is a Manager at Deloitte, focusing on helping clients build threat intelligence and detection capabilities. He specializes in threat intelligence, incident response, threat hunting, and detection engineering. A US Army veteran, Sherman previously led the technical threat intelligence team at New York City Cyber Command. --- Acknowledging a systematic and time-tested methodology dating back to 1982, this session explores the intricate method of "Attack Trees". To this day it still offers a powerful holistic approach to modeling security threats and their sequential actions against assets but is regularly forgotten in favor of more contemporary methodologies. This methodology still remains a powerful tool both for visualizing complex attack sequences to business leaders and effective stakeholder engagement. Navigating the fundamental concepts of Attack Trees, emphasizing their relevance in contemporary cyber threat intelligence. Attendees gain insights into how Attack Trees provide a comprehensive framework for analyzing real-life threat activity threads. By combining elements from MITRE ATT&CK, the Diamond Model of Intrusion, and the attack tree methodology, the presenters demonstrate how even to this day the methodology can enable cybersecurity professionals to collate threat actor activities and assess realistic defensive measures. From identifying sequential stages and nuanced tactics to visualizing attack chains, this exploration promises practical applications for daily use. After the session, attendees will have a clear understanding of how they can apply the Attack Tree’s method and leverage their own knowledge of the threat landscape, their organization’s threat surface, and their defender’s capability and resources to derive feasible defensive measures to detect and stop threat actors from reaching their goals.