Visualize, Understand, and Share with Attack Flow 3
From large multinationals with mature cybersecurity programs to small startups, organizations around the globe use Attack Flow to track the APTs that are tracking them…
An ambiguous technique is a MITRE ATT&CK® technique whose observable characteristics are insufficient to determine intent. This means that the observable data does not allow us to confidently ascertain whether the intent…
In 2025, the Center for Threat-Informed Defense will develop the Fight Financial Fraud (F3) framework of tactics, techniques, and procedures (TTPs) used by fraud actors. The F3 framework may include new techniques that characterize known fraud TTPs. It will reference and refine existing ATT&CK …
The Center for Threat-Informed Defense applies a threat-informed approach to AI security that enables rapid exchange of new threat information, develops approaches to emulating those threats, and provides comprehensive and effective mitigation strategies.
The Center for Threat-Informed Defense has published the results of three new projects so far in 2025, as well as three updates within the corpus of Security Capability Mappings. Within the Center, our most impactful work comes from enabling efficiency and innovation across the industry, and we do …
Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.
The third principle for our 2024 research program is Threat-Informed Defense applies broadly. You will find Center projects that apply threat-informed defense to artificial intelligence enabled systems, to hardware, and a variety of platforms.
Our mission is to advance the state of the art and state of the practice in threat-informed defense globally. To make that transition from art to practice for all defenders, our second principle is Share the how.
Threat-informed defense identifies known adversary behavior, relevant to an organization’s threat model, and fosters a community-driven approach to enable an organization to proactively defend, self-assess, and improve defenses against those known threats.
Describing adversarial behaviors in the form of tactics, techniques, and procedures (TTPs) using MITRE ATT&CK® revolutionized detection and response. Focusing on TTPs creates an opportunity for high-fidelity detection of adversaries. If we can detect a behavior, the adversary will need to change …