Get in Sync with ATT&CK and CTID
Threat-informed defenders can use ATT&CK Sync and the enhanced Mappings Editor to keep ATT&CK-based tools and mappings current with major changes like ATT&CK v18.
Threat-Informed Defense for the Financial Sector
The Cyber Risk Institute Profile is a distillation of the NIST Cybersecurity Framework tailored to address the financial services sector’s regulatory environment. Financial institutions, financial services companies, financial firms, and their third-party providers use the CRI Profile …
Put Your Money Where Your Adversaries Are: Exploited Vulnerabilities
Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.
Stacked Defense from the Hardware Up
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.
The Best Defense is a Security Capability Mapped to ATT&CK
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.
Guarding the Grid: Defending Operational Technology With ATT&CK
Critical infrastructure such as electrical generation facilities, water treatment plants, and transportation systems are a lifeline for our communities. Unfortunately, this dependence has made critical infrastructure a prime target for threat actors.