Get in Sync with ATT&CK and CTID
Threat-informed defenders can use ATT&CK Sync and the enhanced Mappings Editor to keep ATT&CK-based tools and mappings current with major changes like ATT&CK v18.
Can You Detect What You Can’t Predict? Lessons from SharePoint Vulnerability CVE-2025-53770
The exploitation of critical zero-day vulnerabilities in Microsoft SharePoint highlights that adversaries don’t always need new tools to succeed. By chaining familiar techniques with newly discovered flaws, they can bypass defenses without deploying novel malware or infrastructure. Sometimes, all it …
Vizualize, Understand, and Share with Attack Flow 3
From large multinationals with mature cybersecurity programs to small startups, organizations around the globe use Attack Flow to track the APTs that are tracking them…
Threat-Informed Defense for the Financial Sector
The Cyber Risk Institute Profile is a distillation of the NIST Cybersecurity Framework tailored to address the financial services sector’s regulatory environment. Financial institutions, financial services companies, financial firms, and their third-party providers use the CRI Profile …
Ambiguous Techniques: Determine Malice through Context
An ambiguous technique is a MITRE ATT&CK® technique whose observable characteristics are insufficient to determine intent. This means that the observable data does not allow us to confidently ascertain whether the intent…
Fight Fraud with Threat-Informed Defense
In 2025, the Center for Threat-Informed Defense will develop the Fight Financial Fraud (F3) framework of tactics, techniques, and procedures (TTPs) used by fraud actors. The F3 framework may include new techniques that characterize known fraud TTPs. It will reference and refine existing ATT&CK …
Secure AI with Threat-Informed Defense
The Center for Threat-Informed Defense applies a threat-informed approach to AI security that enables rapid exchange of new threat information, develops approaches to emulating those threats, and provides comprehensive and effective mitigation strategies.
Threat-Informed Defense is a Mindset, Not a Technique
The Center for Threat-Informed Defense has published the results of three new projects so far in 2025, as well as three updates within the corpus of Security Capability Mappings. Within the Center, our most impactful work comes from enabling efficiency and innovation across the industry, and we do …
Put Your Money Where Your Adversaries Are: Exploited Vulnerabilities
Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.
Stacked Defense from the Hardware Up
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.