Announcement

Collapse
No announcement yet.

Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo - Scott Small

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo - Scott Small

    Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo - Scott Small


    Title:
    Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo - Scott Small
    (no room for description)

    Presenter:
    Scott Small


    Abstract:
    Control Validation Compass ("Control Compass") provides a needed public resource that enables cyber security teams to actually operationalize MITRE ATT&CK for its best purpose: prioritized control validation. Control Compass unites tens of thousands of detection rules, offensive security scripts, and policy recommendations from 60+ open sources – all aligned with MITRE ATT&CK – into the largest single, continuously updated reference library for such content, wrapped in an easily searchable interface. This saves defenders, red teamers, and intel & GRC analysts serious time & effort when researching content for purple teaming efforts (aka control validation). Like its input components and sources, Control Compass resource sets are openly available to all, no strings attached. Control Compass supports a powerful second use case informed by its author’s experience advising security & intelligence teams across maturity levels: the tool also provides a library of unique, openly available threat landscape summaries organized by key adversary categories, including motivation, location, and victim industry. By enabling easy identification of relevant threat intelligence – and a simple UI-based workflow to instantly surface corresponding security controls – Control Compass greatly lowers the barrier to building accurate, intelligence-driven threat models and helps drive tighter control validation feedback loops around the threats that matter most to a given organization.


    Biography:
    Scott Small has over 10 years’ professional experience as a security & intelligence practitioner. Currently an analyst at a major retailer, Scott’s prior roles focused on advising security teams across maturity levels on technical and strategic applications of intelligence. Scott is an active member of the professional security & intelligence communities. In addition to speaking and contributing to community projects, he has launched two projects that aggregate and streamline publicly accessible intelligence/security resources, as well as authored his own original tools & resources.

  • #2
    Hey folks!

    I'll start a few threads with resources on how to use and the applications of Control Validation Compass. In the meantime, you can start checking it out with the links below! It's mainly a UI-based tool but feel free to fork the Github repo too.

    Homepage: https://controlcompass.github.io/

    *New!* Threat Modeling capability: https://controlcompass.github.io/threat-model

    (My personal favorite feature) - The full threat model + controls alignment workflow: https://controlcompass.github.io/risk

    Source code: https://github.com/ControlCompass/Co...pass.github.io

    Click image for larger version

Name:	Screen Shot 2022-08-02 at 9.33.00 PM.png
Views:	121
Size:	696.4 KB
ID:	243043

    Click image for larger version

Name:	Screen Shot 2022-08-02 at 9.33.57 PM.png
Views:	112
Size:	367.0 KB
ID:	243044

    Comment

    Working...
    X