MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework
The not-for-profit organization, which also runs the CVE database of known vulnerabilities, received funding to create the D3FEND framework from the US National Security Agency (NSA).
The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.
“D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods,” the NSA said in a press release today.
The agency hopes that organizations that previously started using the ATT&CK framework to study and analyze the most common attacks they face on a regular basis will use the corresponding D3FEND techniques to counter those threats in the case of future intrusions.
Since the ATT&CK framework has become an unofficial standard for studying threat actors and cataloging their techniques, the announcement of the D3FEND framework today received universally positive feedback and praise from most of the cyber-security community.
MITRE and the NSA have urged organizations today to start incorporating the D3FEND framework into their security plans as soon as possible. The MITRE Corporation has also released a technical whitepaper (PDF) that describes the core principles and design behind its new framework.