MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework
The MITRE Corporation, one of the most respected organizations in the cybersecurity field, today released D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.
The not-for-profit organization, which also runs the CVE database of known vulnerabilities, received funding to create the D3FEND framework from the US National Security Agency (NSA).
The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.
"D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods," the NSA said in a press release today.
The agency hopes that organizations that previously started using the ATT&CK framework to study and analyze the most common attacks they face on a regular basis will use the corresponding D3FEND techniques to counter those threats in the case of future intrusions.
Since the ATT&CK framework has become an unofficial standard for studying threat actors and cataloging their techniques, the announcement of the D3FEND framework today received universally positive feedback and praise from most of the cyber-security community.
This is really interesting as a complement to MITRE ATT&CK https://t.co/Xjil7KISiA
— Ian Hoyle (@ianhoyle) June 22, 2021
Sweet!
— Brian in Pittsburgh (@arekfurt) June 22, 2021
"The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE’s ATT&CK, a knowledge base of cyber adversary behavior."
In other words, see what stops what. https://t.co/LUIY73fLv8
MITRE and the NSA have urged organizations today to start implementing the D3FEND framework into their security plans as soon as possible. The MITRE Corporation has also released a technical whitepaper (PDF) that describes the core principles and design behind its new framework.
Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.