Insider Threat TTP Knowledge Base

Project Summary

The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Using the Knowledge Base, cyber defenders across organizations can identify insider threat activity on IT systems and limit the damage.

Problem

SOCs and insider threat analysts need to know which technical mechanisms are used by insiders, and what controls mitigate insider threats.

Solution

Develop an open knowledge base of the tactics, techniques, and procedures used by insiders in IT environments.

Impact

Defenders detect, mitigate, and emulate insider actions on IT systems and stop them.

Contribute to this Project

Contributors to the Insider Threat Knowledge Base are founders of the community’s first cross-sector, multi-organizational, community-sourced body of Insider Threat data inspired by MITRE ATT&CK®. With this knowledge base of insider threat tactics, techniques, and procedures (TTPs) as a foundation, defenders will detect, mitigate, and emulate insider actions on IT systems and stop them.