The Cyber5 Podcast
Using Automation for Stronger SOC Collaboration with Scythe CTO Jorge Orchilles
Episode 23 of the podcast covers automation for stronger cyber threat intelligence (CTI), red team, and blue team collaboration with Scythe CTO Jorge Orchilles.
Outline:
- (01:25) Question 1) Explain the difference between attack simulation techniques and MITRE ATT&CK techniques and elaborate what is more useful for a blue team.
- (03:04) Question 2) Is an attack simulation more useful to a blue team than threat intelligence?
- (06:27) Question 3) In your opinion, should MITRE ATT&CK start incorporating red team techniques into their framework(s)? Why or why not?
- (07:56) Question 4) What’s a role automation can play to better remediate between numerous stakeholders following a red team? What are some of the challenges with automating behavior as well as malicious adversary tools and TTPs? Is it difficult to automate specific cyber actors?
- (16:53) Question 5) How can red teams and threat intelligence teams be combining their skillsets and efforts more efficiently?
Episode 23 | September 10, 2020