MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework
Catalin Cimpanu June 23, 2021

The MITRE Corporation, one of the most respected organizations in the cybersecurity field, today released D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.

The not-for-profit organization, which also runs the CVE database of known vulnerabilities, received funding to create the D3FEND framework from the US National Security Agency (NSA).

The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.

“D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods,” the NSA said in a press release today.

The agency hopes that organizations that previously started using the ATT&CK framework to study and analyze the most common attacks they face on a regular basis will use the corresponding D3FEND techniques to counter those threats in the case of future intrusions.

Since the ATT&CK framework has become an unofficial standard for studying threat actors and cataloging their techniques, the announcement of the D3FEND framework today received universally positive feedback and praise from most of the cyber-security community.

MITRE and the NSA have urged organizations today to start incorporating the D3FEND framework into their security plans as soon as possible. The MITRE Corporation has also released a technical whitepaper (PDF) that describes the core principles and design behind its new framework.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.