DeepSec 2023 Talk: KENOUGH: More Than Just a Pretty Interface – Daniel Kroiss & Stefan Prinz
The vast majority of organizations on our planet are SMEs who do not have the capability to leverage professional Threat Intelligence Tools or even have Threat Intelligence Teams. They continuously struggle to prioritize their efforts fixing security problems but are typically not focusing on the right stuff. Not all threat actors are equally likely to penetrate your organization. Therefore, not all TTPs are equally likely to be leveraged against you. MITRE ATT&CK is the de facto standard in researching current TTPs and figuring out how to detect and prevent them from happening.
We created a small but powerful tool based on MITRE ATT&CK to easily figure out connections between Threat Actors, malware, TTPs and their relevance to your industry to help you figure out what to focus on. The tool is specifically built for organizations that lack the capabilities to use a professional Threat Intelligence platform or a TI team in general, but still want to have some insights into their most relevant threats.
In this talk, we want to shift the focus from our large global enterprise customers towards the 90% of SMEs and their issues in defending against professional threats. We will show our tool, talk about presenting the added value to management and some interesting findings and connections we identified using it.
We asked Daniel and Stefan a few more questions about their talk.
Please tell us the top 5 facts about your talk.
- Daniel and Stefan individually came up with the idea of the talk.
- While working on the tool we tested it with different clients.
- It was strongly inspired by MITRE Navigator.
- We’re planning on making the tool open source soon.
- We want to be KENOUGH to defend companies.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
We were in deep discussions with a client about use case management and were stunned by the lack of easily accessible possibilities to identify targeted use cases for them.
Why do you think this is an important topic?
Everyone should have the possibilities to target their threat defenses, even without spending a ton on complex-to-use threat intelligence tools.
Is there something you want everybody to know – some good advice for our readers maybe?
Sometimes the simplest solutions work best.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Imagine a world where AI hackers and AI defense systems wage war in cyberspace, throwing exploits and mitigation techniques at each other, without us humans even noticing anything about it. Dystopia or Utopia?
Daniel is a Security professional with 9+ years’ experience as Director in KPMG Austria’s Cyber Security Advisory. His specialties lie in the field of Security strategy and architecture as well as Security Incident response where he has led multiple projects for large scale European companies with a focus on critical infrastructure resilience.
Stefan is Senior Manager at KPMG Austria and an experienced Incident Responder with a strong background in offensive security. Throughout his career, he led and responded to over 100 security incidents all over Europe and is guiding his clients to be more resilient against cyber-attacks.