Our Mission

Changing the Game on the Adversary

The Center's mission is simple: Advance the state of the art and the state of the practice in threat-informed defense… globally. In the Center, the most highly sophisticated cybersecurity teams from around the world come together to research and develop solutions to critical challenges and make the results of our work freely available.

What is Threat-Informed Defense?

Threat-Informed Defense is the systematic application of a deep understanding of adversary tradecraft and technology to improve defenses.

Threat-informed defense enables the collective resources of all defenders to be greater than those of any one adversary. It identifies known adversary behavior, relevant to an organization’s threat model, and fosters a community-driven approach to enable an organization to proactively defend, self-assess, and improve defenses against those known threats.

Diagram illustrating the concept of Threat Informed Defense. It features a triangular cycle with three interconnected sections labeled: "Cyber Threat Intelligence," "Testing & Evaluation," and "Defensive Measures." An arrow circulates through these sections, indicating a continuous process.
The Threat-Informed Defense Triangle

Threat-informed defense is a continuous process in which defenders and adversaries are constantly learning and evolving. The three dimensions of threat-informed defense are:

  • Cyber Threat Intelligence: know the adversary and their tactics, techniques, & procedures (TTPs).
  • Defensive Measures: implement prevention, detection, and mitigation tailored to known threats.
  • Testing & Evaluation: assess defenses by emulating realistic adversary behaviors and TTPs.

The MITRE ATT&CK® knowledge base is a comprehensive reference of publicly reported adversary TTPs, including how to detect and mitigate them. ATT&CK also serves as a common language that enables widespread and efficient collaboration across organizations and industries. It enables defenders to think at a level of abstraction that is concrete enough to be actionable, but abstract enough to remain stable over time and across adversaries.

Why Threat-Informed Defense?

Threat-informed defense aligns defensive measures to real-world observations of adversary tradecraft. Where cybersecurity has often focused on brittle indicators of compromise that are easy for an adversary to change, threat-informed defense focuses energy on adversary behavior, which is more stable over time and more expensive for adversaries to evade. The result is more efficient use of defenders' resources and a more robust program of prevention, detection, and response. Threat-informed defense enables the collective resources of all defenders to be greater than those of any one adversary.

Threat-informed defense is not intended to replace a baseline security program but rather to supplement other activities such as patch management and vulnerability management. It enables organizations to enhance their defenses proactively and adaptively against evolving threats.

The Center for Threat-Informed Defense

Our mission is to advance the state of the art and state of the practice in threat-informed defense globally.

The Center's privately funded research and development program brings together leading organizations from multiple industries to jointly develop foundational resources in cybersecurity that are aligned to the 3 dimensions of the threat-informed defense (TID) triangle. The Center publishes each R&D project with an open source license to meet the mission of improving cyber defense globally: for organizations large and small, and for non-profit, commercial sector, and government alike.

Diagram depicting where the Center's research projects fall on the threat-informed defense triangle
Center R&D Projects Aligned to TID Triangle

Learn More

To learn more about our threat-informed defense R&D program, visit Our Work. For a broad overview of the principles and best practices of threat-informed defense, read the Measure, Maximize, and Mature Threat-Informed Defense (M3TID) publication.