Talk D-2: Use Machine Learning to automatically map CVEs and the MITRE ATT&CK Enterprise matrix
Accessible: Yes
Defenders make extensive use of the MITRE ATT&CK framework to model the various techniques used by attackers, and to represent the tactics that are most exploitable within their organization.
With more than 200,000 units, CVEs represent the most common type of vulnerability in an organization's vulnerability inventory.
During this session, we will present a complete project that maps all known and future CVEs to each technique and sub-technique of the MITRE ATT&CK Enterprise matrix. The project is based on several methods: CWE method, CVSS method & CTID method.
This new unique project is based on the work of numerous researchers around the world, augmented by a method based on AI and Machine Learning. Using this mapping engine, defenders can now project their weakness based on their stock of vulnerabilities.