Episode 23 of the podcast covers automation for stronger cyber threat intelligence (CTI), red team, and blue team collaboration with Scythe CTO Jorge Orchilles.
- (01:25) Question 1) Explain the difference between attack simulation techniques and MITRE ATT&CK techniques and elaborate what is more useful for a blue team.
- (03:04) Question 2) Is an attack simulation more useful to a blue team than threat intelligence?
- (06:27) Question 3) In your opinion, should MITRE ATT&CK start incorporating red team techniques into their framework(s)? Why or why not?
- (07:56) Question 4) What’s a role automation can play to better remediate between numerous stakeholders following a red team? What are some of the challenges with automating behavior as well as malicious adversary tools and TTPs? Is it difficult to automate specific cyber actors?
- (16:53) Question 5) How can red teams and threat intelligence teams be combining their skillsets and efforts more efficiently?