MITRE D3FEND: Learn MITRE D3FEND Framework & Techniques


MITRE Publishes D3FEND Framework, with Vectra Patents Referenced More Than Any Other


By: Rohan Chitradurga
July 13, 2021

MITRE ATT&CK has proven to be a valuable tool for security teams to talk about the near-infinite number of actions an attacker can take by categorizing those actions into tactics and techniques. ATT&CK provides a powerful language to talk about attacks, but it lacks clear guidance for how to counter attacker actions and data exfiltration techniques.

MITRE D3FEND closes the loop by defining the countermeasures that address the techniques defined in ATT&CK. Created by NSA and MITRE, D3FEND provides a framework for identifying the strengths and weaknesses of a security team's tools and processes.

We at Vectra applaud the efforts of the NSA and MITRE in framing these countermeasures. We have watched security teams struggle to evaluate their capabilities and tools against ATT&CK, often with limited success. Our own best efforts to map against ATT&CK have seemed imprecise at times, and we have watched other vendors' coverage claims with amusement, wondering how any security team could decipher their actual coverage. D3FEND takes the opposite approach by laying out the set of capabilities that should be in place to provide the best possible coverage for modern attacks.

We are also proud to be the company with the most patents referenced in D3FEND (and the only network detection and response company with any). This is the result of an obsessive focus over many years to push the limits in using AI to detect a broad set of fundamental attacker behaviors, which is precisely what D3FEND encapsulates.

Maybe more important than the patents themselves is the culture of innovation that they represent. Our work is not done. Attackers never stand still. Vectra will continue to push the limits of AI for threat detection—both in networks and in the cloud—for years to come. Our R&D investment will more than double in 2021, powered by recent funding led by Blackstone.

We are excited about the impact of D3FEND on the security industry and look forward to also contributing to countermeasures in the cloud, based on our ongoing research into Office365, Azure AD, and public cloud control planes.

List of techniques referencing Vectra patents, with the filing date of each referenced patent (Protocol Metadata Anomaly Detection references three separate patents, so it appears three times):

D3FEND Technique                              Filed Date
Administrative Network Activity Analysis      9/12/16
Client-server Payload Profiling               9/12/16
Connection Attempt Analysis                   3/11/14
DNS Traffic Analysis                          3/11/14
Network Traffic Community Deviation           11/3/14
Per Host Download-Upload Ratio Analysis       11/3/14
Protocol Metadata Anomaly Detection           11/18/14
Protocol Metadata Anomaly Detection           11/18/14
Protocol Metadata Anomaly Detection           11/3/14
Relay Pattern Analysis                        3/11/14
Remote Terminal Session Detection             3/11/14
User Data Transfer Analysis                   11/3/14

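The techniques in the table are named but not described in this post. As an added illustration (not code from the original post, and not a description of Vectra's patented method), the following Python sketch implements the simplest form of the D3FEND technique Per Host Download-Upload Ratio Analysis over constructed flow records: it aggregates bytes sent and received per internal host, compares each host's upload/download ratio against the population median, and flags hosts that are both far above that baseline and moving a meaningful absolute volume outbound. The hosts, external peers, byte counts and thresholds are all constructed for the example.

```python
"""Per-host download/upload ratio analysis over constructed flow records.

Added illustration of the D3FEND technique 'Per Host Download-Upload Ratio
Analysis'. Not Vectra's code and not its patented method; every flow record,
address and threshold below is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    src: str        # internal host that initiated the connection
    dst: str        # external peer
    bytes_out: int  # bytes sent by src (upload)
    bytes_in: int   # bytes received by src (download)


# Constructed sample: ordinary browsing downloads far more than it uploads;
# 10.0.0.7 pushes a large volume out to a single external peer (203.0.113.50).
FLOWS = [
    Flow("10.0.0.5", "93.184.216.34", 12_000, 850_000),
    Flow("10.0.0.5", "151.101.1.69", 8_000, 620_000),
    Flow("10.0.0.6", "93.184.216.34", 15_000, 910_000),
    Flow("10.0.0.6", "172.217.3.110", 9_500, 400_000),
    Flow("10.0.0.7", "203.0.113.50", 420_000_000, 150_000),
    Flow("10.0.0.7", "93.184.216.34", 6_000, 300_000),
    Flow("10.0.0.8", "172.217.3.110", 20_000, 1_200_000),
]


def per_host_ratio(flows):
    """Aggregate flows per source host.

    Returns {host: (bytes_out, bytes_in, upload/download ratio)}. A host that
    only uploads (zero bytes downloaded) is handled by dividing by at least 1
    so that it produces a very large ratio instead of a ZeroDivisionError.
    """
    out = defaultdict(int)
    inn = defaultdict(int)
    for f in flows:
        out[f.src] += f.bytes_out
        inn[f.src] += f.bytes_in
    return {h: (out[h], inn[h], out[h] / max(inn[h], 1)) for h in out}


def flag_upload_heavy_hosts(flows, min_bytes_out=50_000_000, ratio_multiplier=20.0):
    """Flag hosts whose upload/download ratio is far above the population median.

    The absolute-volume floor (min_bytes_out) keeps a host that uploads 2 KB
    and downloads nothing from being flagged on ratio alone; the multiplier
    against the median ratio adapts the threshold to the observed population
    rather than using a fixed ratio. Both values are constructed defaults.
    """
    stats = per_host_ratio(flows)
    baseline = median(ratio for _, _, ratio in stats.values())
    flagged = {}
    for host, (b_out, b_in, ratio) in stats.items():
        if b_out >= min_bytes_out and ratio >= baseline * ratio_multiplier:
            flagged[host] = {
                "bytes_out": b_out,
                "bytes_in": b_in,
                "ratio": round(ratio, 2),
                "baseline_ratio": round(baseline, 4),
            }
    return flagged


if __name__ == "__main__":
    for host, info in flag_upload_heavy_hosts(FLOWS).items():
        print(host, info)
```

In practice the baseline should be each host's own ratio over a trailing window rather than a snapshot across peers, since a backup server or a developer pushing container images legitimately uploads far more than it downloads; the cross-host median here only shows the shape of the check.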

A few countermeasures are directly attributed to Vectra’s patents alone:

We are committed to making the world a safer and fairer place. As such we look forward to continuing to contribute our unique innovations [and patents] to the D3FEND matrix as it matures and expands to cover additional countermeasures.

About the author

Rohan Chitradurga

Rohan is the Sr. Director of Product Management at Vectra, running the Cognito Detect and Cognito Detect for SaaS products. He has 15+ years of experience in the network and security industry. He earned his MBA from the Wharton School of Business, graduating as a Palmer Scholar. Before that he completed an undergraduate degree in electrical engineering at the Indian Institute of Technology (IIT), Delhi and a graduate degree in electrical engineering at USC.
