
MITRE Publishes D3FEND Framework, with Vectra Patents Referenced More Than Any Other

By Rohan Chitradurga | July 13, 2021

MITRE ATT&CK has proven to be a valuable tool for security teams to talk about the near-infinite number of actions an attacker can take by categorizing those actions into tactics and techniques. ATT&CK provides a powerful language to talk about attacks, but it lacks clear guidance for how to counter attacker actions and data exfiltration techniques.

MITRE D3FEND closes the loop by defining the countermeasures needed to address the techniques defined in ATT&CK. Created by the NSA and MITRE, D3FEND provides a framework for identifying the strengths and weaknesses of a security team's tools and processes.

We at Vectra applaud the efforts of the NSA and MITRE in framing these countermeasures. We have watched security teams struggle to evaluate their capabilities and tools against ATT&CK, often with limited success. Our own best efforts to map against ATT&CK have seemed imprecise at times, and we’ve watched coverage claims from other vendors in amusement, wondering how any security team could decipher their actual coverage. D3FEND takes the opposite approach: it lays out the set of capabilities that should be in place to provide the best possible coverage against modern attacks.

We are also proud to be the company with the most patents referenced in D3FEND (and the only network detection and response company with any). This is the result of an obsessive focus over many years to push the limits in using AI to detect a broad set of fundamental attacker behaviors, which is precisely what D3FEND encapsulates.

Maybe more important than the patents themselves is the culture of innovation that they represent. Our work is not done. Attackers never stand still. Vectra will continue to push the limits of AI for threat detection—both in networks and in the cloud—for years to come. Our R&D investment will more than double in 2021, powered by recent funding led by Blackstone.

We are excited about the impact of D3FEND on the security industry and look forward to also contributing to countermeasures in the cloud, based on our ongoing research into Office 365, Azure AD, and public cloud control planes.

List of techniques referencing Vectra patents:

| D3FEND Technique | Patent Reference Link | Filed Date |
|---|---|---|
| Administrative Network Activity Analysis | | 09/12/2016 |
| Client-server Payload Profiling | | 09/12/2016 |
| Connection Attempt Analysis | | 03/11/2014 |
| DNS Traffic Analysis | | 03/11/2014 |
| Network Traffic Community Deviation | | 11/03/2014 |
| Per Host Download-Upload Ratio Analysis | | 11/03/2014 |
| Protocol Metadata Anomaly Detection | | 11/18/2014 |
| Protocol Metadata Anomaly Detection | | 11/18/2014 |
| Protocol Metadata Anomaly Detection | | 11/03/2014 |
| Relay Pattern Analysis | | 03/11/2014 |
| Remote Terminal Session Detection | | 03/11/2014 |
| User Data Transfer Analysis | | 11/03/2014 |

A few countermeasures are directly attributed to Vectra’s patents alone:

We are committed to making the world a safer and fairer place. As such we look forward to continuing to contribute our unique innovations [and patents] to the D3FEND matrix as it matures and expands to cover additional countermeasures.