MITRE Releases Cyber Defense Framework “D3FEND”: As a Complement to ATT&CK Framework


MITRE Corporation, one of the leading organizations in the cybersecurity space, has released D3FEND, a framework that complements the industry-recognized ATT&CK framework.

MITRE D3FEND Knowledge Graph
D3FEND is a knowledge base of cybersecurity countermeasure techniques. In the simplest sense, it is a catalog of defensive cybersecurity techniques and their re...

D3FEND was developed with funding from the US National Security Agency (NSA).

The basic idea behind D3FEND is to provide a framework of defensive techniques that system administrators can apply to counter the actions detailed in the ATT&CK matrix, which was launched in 2015 to catalog the most common attack techniques used by attackers in the real world.

“D3FEND establishes terminology for computer network defense techniques and clarifies previously unidentified relationships between defense and attack methods,” the NSA said in a press release today.

The announcement of the D3FEND framework has received a lot of positive feedback from the cybersecurity community, as the ATT&CK framework has become an unofficial standard for studying attackers and cataloging their techniques.

Great! D3FEND, the technical knowledge of defensive measures against attack methods, complements MITRE’s knowledge base of cyber adversary behavior, ATT&CK. In other words, we can look at what can defend against what.

MITRE and the NSA are urging companies to implement the D3FEND framework into their security plans as soon as possible.

MITRE Corporation has also released a technical white paper (PDF) describing the basic principles and design of the new framework.