Security Stack Mappings – Hardware-Enabled Defense
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the …
February 17, 2022
Project Summary
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base aims to advance our collective understanding of the technical mechanisms that insider threats have used. With this knowledge, Insider Threat Programs and Security Operations Centers will detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Utilizing the Knowledge Base, cyber defenders across organizations will identify insider threat activity on IT systems and limit the damage. Capturing and sharing the Design Principles and Methodology for developing the Knowledge Base is a foundational step to establishing this community resource and enabling its broad adoption and ongoing development.
This is an old version of the Insider Threat project. For the latest version, see: Insider Threat.
Problem
SOCs and insider threat analysts need to know which technical mechanisms are used by insiders, and what controls mitigate insider threats.
Solution
Develop an open knowledge base of the tactics, techniques, and procedures used by insiders in IT environments.
Impact
Defenders detect, mitigate, and emulate insider actions on IT systems and stop them.
Funding Research Participants
Explore More of Our Work:
Summiting the Pyramid
Summiting the Pyramid (STP) creates a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections …
Secure AI
A collaboration with MITRE ATLAS™ to advance security for AI–enabled systems that takes a threat-informed approach, enables rapid exchange of new …
Stay Informed
Sign up for the Center's "Stay Informed" newsletter to get notified for new project releases and upcoming events.