Vizualize, Understand, and Share with Attack Flow 3
From large multinationals with mature cybersecurity programs to small startups, organizations around the globe use Attack Flow to track the APTs that are tracking them…
Threat-Informed Defense for the Financial Sector
The Cyber Risk Institute Profile is a distillation of the NIST Cybersecurity Framework tailored to address the financial services sector’s regulatory environment. Financial institutions, financial services companies, financial firms, and their third-party providers use the CRI Profile …
Ambiguous Techniques: Determine Malice through Context
An ambiguous technique is a MITRE ATT&CK® technique whose observable characteristics are insufficient to determine intent. This means that the observable data does not allow us to confidently ascertain whether the intent…
Fight Fraud with Threat-Informed Defense
In 2025, the Center for Threat-Informed Defense will develop the Fight Financial Fraud (F3) framework of tactics, techniques, and procedures (TTPs) used by fraud actors. The F3 framework may include new techniques that characterize known fraud TTPs. It will reference and refine existing ATT&CK …
Secure AI with Threat-Informed Defense
The Center for Threat-Informed Defense applies a threat-informed approach to AI security that enables rapid exchange of new threat information, develops approaches to emulating those threats, and provides comprehensive and effective mitigation strategies.
Threat-Informed Defense is a Mindset, Not a Technique
The Center for Threat-Informed Defense has published the results of three new projects so far in 2025, as well as three updates within the corpus of Security Capability Mappings. Within the Center, our most impactful work comes from enabling efficiency and innovation across the industry, and we do …
Put Your Money Where Your Adversaries Are: Exploited Vulnerabilities
Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.
Stacked Defense from the Hardware Up
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.
Summiting the Pyramid: Bring the Pain with Robust and Accurate Detection
Summiting the Pyramid (STP) provides a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections against adversary behavior.
The Best Defense is a Security Capability Mapped to ATT&CK
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.