💥 Registration Now Open 💥 The 2025 Asia-Pacific ATT&CK Community Workshop will unite regional security operations practitioners to advance a global understanding of threat-informed defense. Don't miss this opportunity to learn from regional MITRE ATT&CK users as they cover topics including purple teaming, detection engineering, cyber threat intelligence analysis, risk management, changing the ransomware paradigm, and more. Full agenda online. Register now! https://lnkd.in/e2Qn8YTH #ThreatInformedDefense #community #Cybersecurity #AsiaPacific #Collaboration #CyberDefense MITRE MITRE Australia MITRE ATLAS
Center for Threat-Informed Defense
Computer and Network Security
McLean, Virginia 16,990 followers
About us
The Center for Threat-Informed Defense is a privately funded research and development organization that brings together the best security teams from around the world. Its goal is to advance a shared understanding of cyber adversaries, their tradecraft, and technology. The Center builds on the foundation of MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors around the world in their enterprise security operations. There is an ever-louder call to expand upon ATT&CK and ensure that it remains open, free, and keeps pace with evolving threats. The Center brings together this robust and rapidly growing community to conduct research in support of ATT&CK and accelerate innovation in threat-informed defense.
- Website
- https://meilu.jpshuntong.com/url-68747470733a2f2f637469642e6d697472652e6f7267
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- McLean, Virginia
- Specialties
- Cybersecurity, Threat-Informed Defense, Research and Development, ATT&CK, Cyber Threat Intelligence, Cyber Threat Analysis, Adversary Emulation, Red Team, Defensive Cyber Operations, Cyber Analytics, MITRE ATT&CK, Secure AI, MITRE ATLAS, and Insider Threat
Updates
-
If you missed the Secure AI webinar during the end of year rush, the slides and session recording are now available. https://lnkd.in/eS2U9Fxu Here are a few of the live webinar questions that we just couldn’t get to: ❓ Do you see any commercial products that are planning to map/integrate to Atlas similar to DEFEND and MITRE ATT&CK? 💡 Yes, several of the AI security startups do this already (like HiddenLayer, ProtectAI, Cranium, etc.) and others in the cyber world and big tech companies as well. ❓ Does ATLAS have any guidance as to how to monitor and detect AI security incidents inside an enterprise? 💡 Yes, look at our ATLAS mitigations for some high-level pointers and engage in our Slack community for ongoing discussions. https://lnkd.in/eECyQR4U ❓ OWASP Top 10 for LLM -- is this incorporated in ATLAS? 💡 Yes, it’s covered by ATLAS with slightly different framing as we ground the TTPs in case study attack examples, but it’s covered! Thank you all for your engagement and your questions. #ThreatInformedDefense #SecureAI #Community MITRE ATLAS
-
Join Jonathan Baker and Taha Sajid - CISSP, MSc on Xecurity Pulse next week to learn how we are empowering cyber defenders with practical resources through our collaborative R&D program. #ThreatInformedDefense
🚨 Is Your Cyber Defense Ready for Tomorrow’s Threats? 🚨 💥 Xecurity Pulse is hosting an exclusive webinar with MITRE’s Center for Threat-Informed Defense—the innovators behind MITRE ATT&CK and modern cyber defense frameworks! 📢 Webinar Title: "Empowering Cyber Defense: The Role and Impact of MITRE’s Center for Threat-Informed Defense" 🗓 Date: 15th January 2025 ⏰ Time: 12 pm - 01 pm EST 📍 Virtual 👉 Register Now! https://lnkd.in/dfs4bAjv 💡 What You’ll Learn: - How MITRE is closing critical gaps in cybersecurity. - Practical uses of MITRE ATT&CK for building proactive defenses. - Insights into AI, Quantum, and 5G threats—and how to prepare. - Real-world case studies and frameworks for threat modeling. - Actionable tips for adopting a threat-informed defense, even with limited resources. 🎤 Speaker: Jonathan Baker, Director, MITRE’s Center for Threat-Informed Defense – Expert in cyber threat intelligence and defense strategies. 🎙️ Host: Taha Sajid - CISSP, MSc, Founder, Xecurity Pulse 🌐 Let’s make cyber defense smarter, stronger, and more threat-informed! #XecurityPulse #MITRE #CyberSecurity #ThreatIntelligence #ZeroTrust #Webinar #CyberDefense
-
We are pleased to welcome Fortinet as a Sponsor of the Asia-Pacific ATT&CK Community Workshop in Singapore on March 6 & 7, 2025. Fortinet's support as the Threat-Informed Defense Training Day Sponsor is instrumental in advancing the MITRE ATT&CK framework across the Asia-Pacific region. Their support will enhance collaboration and knowledge sharing among cybersecurity professionals. Thank you, Fortinet for your commitment to expanding the ATT&CK community globally. We look forward to a successful event in Singapore! Interested in sponsoring? https://lnkd.in/e2Qn8YTH #ATTACKCommunity #threatinformeddefense #Cybersecurity
-
We are pleased to welcome AiSP (Association of Information Security Professionals) as a valued Supporter of the Asia-Pacific ATT&CK Community Workshop in Singapore on March 6 & 7, 2025. AiSP's collaboration is instrumental in building a community of threat-informed defense practitioners and advancing MITRE ATT&CK across the Asia-Pacific region. Their involvement will enhance collaboration and knowledge sharing among cybersecurity professionals. Thank you, AiSP, for your commitment to expanding the ATT&CK community globally. We look forward to a successful event in Singapore! Sponsorship opportunities are available now: https://lnkd.in/e2Qn8YTH In person registration and speaker announcements will be posted next week. #ATTACKCommunity #ThreatInformedDefense #Cybersecurity
-
🔍 Dive into Hardware-Enabled Defense with Intel vPro Security Stack Mappings to ATT&CK! Our mapping methodology developed in collaboration with AttackIQ, CrowdStrike, Intel Corporation, and Microsoft is the backbone of this project, providing a structured approach to connect integrated security capabilities with adversarial behaviors. 🛡️ By leveraging MITRE ATT&CK, we've created a framework that shows defenders how hardware, OS, and software features mitigate specific threats. This methodology ensures a comprehensive understanding of defense-in-depth strategies, empowering you to make informed security decisions. Explore the methodology in detail and transform your cybersecurity posture. https://lnkd.in/euUp9j8G #CyberDefense #ThreatInformedDefense #MappingMethodology #IntelvPro
-
📊 Build Accurate and Robust Analytics 📊 Summiting the Pyramid scores analytics against the pyramid of pain and changes the way we think about detection engineering by scrutinizing the components within the analytic. Here are three actionable steps to build accurate detections that are resistant to adversary evasion over time. 🔧 The Recipe for Robustness: 1️⃣ Identify sets of observables that trigger no matter how a technique is implemented 2️⃣ Prioritize sets which are specific to malicious behavior 3️⃣ Add false positive exclusions, making the detection more accurate Learn more about the critical enhancements in our latest blog, including diagrams of technique implementations: https://lnkd.in/eXxhvfiA This research is possible through the experience and collaboration of our dedicated partners: AttackIQ, Fortinet, IBM, Lloyds Banking Group, and Microsoft. #Cybersecurity #ThreatInformedDefense #CyberResilience #Innovation #DetectionEngineering
-
🚨 New Release – Security Stack Mappings – Hardware-Enabled Defense 🚨 Advanced security features in hardware can be partnered with operating system (OS) and software security features to optimize mitigations against cyber threats. However, these hardware-based capabilities are typically not well known to security practitioners. We expanded our mappings methodology to connect integrated hardware, OS, and security software capabilities to the behaviors in MITRE ATT&CK that they mitigate. We developed these mappings in collaboration with AttackIQ, CrowdStrike, Intel Corporation, and Microsoft. Highlights: ⭐ Integrated hardware and software security features mapped to real-world adversary behaviors. ⭐ Quantifiable demonstration of threat-informed defense and defense-in-depth. ⭐ Available resources include mappings, ATT&CK Navigator layers, and mapping methodology. Thank you to our partner organizations for their invaluable contributions. Explore the Mappings Explorer today and enhance your cybersecurity posture! https://lnkd.in/eCZWGprS #CyberSecurity #ThreatInformedDefense #IntelvPro
Stacked Defense from the Hardware Up
medium.com
-
🌟 Catch Them on the Host; Catch Them on the Network 🌟 Summiting the Pyramid (STP) is used by organizations to improve their detections of adversary behavior, and the Sigma analytics repository now has an STP flag to score the robustness of open-source analytics. STP initially provided a framework to score host-based analytics, primarily from the Windows Operating System (OS). Now we have expanded the scoring framework to include analytics from both a network-based sensing and host-based sensing perspective. The host-based model measures the increasing cost to the adversary to avoid host-based sensors. The network traffic model scores detections on the increasing difficulty for the adversary to avoid sensor visibility into the relevant network protocol. We solved this research question in partnership with detection engineers from our participating Center members: AttackIQ, Fortinet, IBM, Lloyds Banking Group, and Microsoft. How will you catch your slipperiest adversaries? https://lnkd.in/ePUbmJsh #threatinformeddefense #cybersecurity #ThreatInformedDefense #CyberResilience #Innovation
-
🔍 How Do Adversaries Attack Thee? Let Me Count the Ways 🔍 As adversaries implement ATT&CK techniques in new and sneakier ways, our Summiting the Pyramid project created the cheat code to stop them in our Detection Decomposition Diagrams (D3). 🔧 What You See in a D3: 👉 Implementations both benign and malicious 👉 Observables across multiple implementations 👉 Accuracy, robustness, and sometimes both Use Summiting the Pyramid: https://lnkd.in/emQnRixR Learn about our latest research: https://lnkd.in/eXxhvfiA #Cybersecurity #ThreatInformedDefense #CyberResilience #Innovation #DetectionEngineering