This project identified and mapped security capabilities available as part of GCP to the ATT&CK techniques to which they can detect, protect, or respond. This allows cyber defenders of cloud platforms to make threat-informed decisions about which capabilities to use and how to use them.
This project created a comprehensive set of mappings between MITRE ATT&CK® and NIST Special Publication 800-53 with supporting documentation and resources. These mappings provide a critically important resource for organizations to assess their security control coverage against real-world …
This research defines a methodology for using MITRE ATT&CK® to characterize the potential impacts of vulnerabilities. ATT&CK’s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them. Vulnerability reporters and researchers use the methodology to …
The Center for Threat-Informed Defense’s ATT&CK Integration into VERIS project aims to help practitioners connect VERIS with MITRE ATT&CK and obtain more context about the threats they face. Verizon participated in this project and Alex Pinto, Senior Manager of their Data Breach …
This project empowers organizations with independent data on which native AWS security controls are most useful in defending against the adversary TTPs that they care about. It achieves this by mapping security capabilities of AWS to the ATT&CK techniques that they can protect, detect, or …
This project created a mapping and translation layer between VERIS and ATT&CK that allows ATT&CK to describe the adversary behaviors that were observed in an incident coded in VERIS. This creates the opportunity for a joint analysis of the information that ATT&CK describes well (the …
This project empowers organizations with independent data on which native Azure security controls are most useful in defending against the adversary TTPs that they care about. It achieves this by mapping security capabilities of Azure to the ATT&CK techniques that they can protect, detect, or …
