Threat-Informed Defense for Cloud Security
Use our latest mappings to replace assumption-driven cloud defense with evidence-based decisions to stop cloud adversaries in their tracks. With …
February 17, 2022
Project Summary
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base aims to advance our collective understanding of the technical mechanisms that insider threats have used. With this knowledge, Insider Threat Programs and Security Operations Centers will detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Utilizing the Knowledge Base, cyber defenders across organizations will identify insider threat activity on IT systems and limit the damage. Capturing and sharing the Design Principles and Methodology for developing the Knowledge Base is a foundational step to establishing this community resource and enabling its broad adoption and ongoing development.
This is an old version of the Insider Threat project. For the latest version, see: Insider Threat.
Problem
SOCs and insider threat analysts need to know which technical mechanisms are used by insiders, and what controls mitigate insider threats.
Solution
Develop an open knowledge base of the tactics, techniques, and procedures used by insiders in IT environments.
Impact
Defenders detect, mitigate, and emulate insider actions on IT systems and stop them.
Funding Research Participants
Explore More of Our Work:
INFORM Your Defense
MITRE INFORM is a program-level assessment designed to show how threat-informed your organization is and where to improve next across cyber …
Attack Flow v3
With Attack Flow, you will capture the entire attack and communicate what matters!
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.