Threat-Informed Defense for the Financial Sector
Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute …
February 13, 2025
Project Summary
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
The Prioritize Known Exploited Vulnerabilities mappings are part of our Mappings Explorer program. Use the Mappings Explorer website to navigate, explore, search, and download our mappings of security capabilities to MITRE ATT&CK®.
Problem
Defenders struggle to integrate vulnerability and threat information and lack a consistent view of how adversaries use vulnerabilities to achieve their goals. Without this context, it is difficult to appropriately prioritize vulnerabilities.
Solution
Use the adversary behaviors described in ATT&CK to characterize the impact of a vulnerability. Then, apply that methodology to provide critically needed context to known exploited vulnerabilities.
Impact
CVEs linked to ATT&CK techniques form a crucial contextual bridge between vulnerability management, threat modeling, and compensating controls, empowering defenders to better assess the true risk posed by specific vulnerabilities in their environment.
Funding Research Participants
Explore More of Our Work:
Ambiguous Techniques
Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …
Prioritize Known Exploited Vulnerabilities
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.