Published Projects

Threat-Informed Defense for the Financial Sector

Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute Profile.

Ambiguous Techniques

Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign behavior by applying contextual analysis to ATT&CK techniques. Reduce false positives and uncover adversarial use of living-off-the-land activity.

Prioritize Known Exploited Vulnerabilities

Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat-informed approach to vulnerability management.

Security Stack Mappings – Hardware-Enabled Defense

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Summiting the Pyramid

Summiting the Pyramid (STP) creates a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections against adversary behavior. With this update, STP reduces false positives and expands scoring to network-based analytics.

Secure AI

A collaboration with MITRE ATLAS™ to advance security for AI-enabled systems that takes a threat-informed approach, enables rapid exchange of new threat information, and provides mitigation strategies.

Technique Inference Engine

Know your adversary’s next move with the Technique Inference Engine, a machine learning-powered tool that infers unseen adversary techniques, providing security teams actionable intelligence.

Defending OT with ATT&CK

Defending Operational Technology (OT) with ATT&CK provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments. Historical attacks against OT and adversarial techniques contained in ATT&CK for Enterprise, ATT&CK for …

Top ATT&CK Techniques

Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques. Our open methodology considers technique prevalence, common attack choke points, and actionability to enable defenders to focus on the ATT&CK techniques that are most relevant to their …

Threat Modeling With ATT&CK

Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your organization’s existing threat modeling methodology. This process is intended for universal application to any system or technology stack (large or small) using existing threat modeling methodologies like STRIDE, …