MITRE D3FEND: Learn MITRE D3FEND Framework & Techniques

July 13, 2021
Rohan Chitradurga
VP of Product Management

MITRE ATT&CK has proven to be a valuable tool for security teams to talk about the near-infinite number of actions an attacker can take by categorizing those actions into tactics and techniques. ATT&CK provides a powerful language to talk about attacks, but it lacks clear guidance for how to counter attacker actions and data exfiltration techniques.

MITRE D3FEND closes the loop by defining the countermeasures necessary to address the techniques defined in ATT&CK. Created by the NSA and MITRE, D3FEND provides a framework for identifying the strengths and weaknesses of security teams as they relate to their tools and processes.

We at Vectra applaud the efforts of the NSA and MITRE in framing these countermeasures. We have watched security teams struggle to evaluate their capabilities and tools against ATT&CK, often with limited success. Our own best efforts to map against ATT&CK have seemed imprecise at times, and we’ve watched claims from other vendors in amusement wondering how any security team could decipher actual coverage. D3FEND takes the opposing approach by laying out the set of capabilities that should be in place to provide the best possible coverage for modern attacks.

We are also proud to be the company with the most patents referenced in D3FEND (and the only network detection and response company with any). This is the result of an obsessive focus over many years to push the limits in using AI to detect a broad set of fundamental attacker behaviors, which is precisely what D3FEND encapsulates.

Maybe more important than the patents themselves is the culture of innovation that they represent. Our work is not done. Attackers never stand still. Vectra will continue to push the limits of AI for threat detection—both in networks and in the cloud—for years to come. Our R&D investment will more than double in 2021, powered by recent funding led by Blackstone.

We are excited about the impact of D3FEND on the security industry and look forward to also contributing to countermeasures in the cloud, based on our ongoing research into Office 365, Azure AD, and public cloud control planes.

List of techniques referencing Vectra patents:

A few countermeasures are directly attributed to Vectra’s patents alone:

MITRE D3FEND countermeasures and description

We are committed to making the world a safer and fairer place. As such we look forward to continuing to contribute our unique innovations [and patents] to the D3FEND matrix as it matures and expands to cover additional countermeasures.