MITRE D3FEND
What is MITRE D3FEND?
MITRE D3FENDA MITRE knowledge graph of defensive cybersecurity countermeasures and the digital artifacts they observe or modify, complementing MITRE ATT&CK.
MITRE D3FEND is a knowledge graph of cybersecurity defensive countermeasures, developed by MITRE with U.S. National Security Agency (NSA) sponsorship. It catalogues defensive techniques organised into tactics such as Harden, Detect, Isolate, Deceive, and Evict, and links them to the digital artifacts they operate on (processes, files, network flows, etc.) using a formal ontology. D3FEND is designed as the defensive counterpart to MITRE ATT&CK: security teams can map adversary techniques (ATT&CK) to candidate countermeasures (D3FEND) to plan, evaluate, and communicate defensive coverage. It is widely used by architects, product managers, and government acquirers.
● Examples
- 01
A security architect using D3FEND to identify candidate mitigations for an ATT&CK technique.
- 02
A vendor mapping its EDR capabilities to D3FEND techniques to communicate coverage.
● Frequently asked questions
What is MITRE D3FEND?
A MITRE knowledge graph of defensive cybersecurity countermeasures and the digital artifacts they observe or modify, complementing MITRE ATT&CK. It belongs to the Compliance & Frameworks category of cybersecurity.
What does MITRE D3FEND mean?
A MITRE knowledge graph of defensive cybersecurity countermeasures and the digital artifacts they observe or modify, complementing MITRE ATT&CK.
How do you defend against MITRE D3FEND?
Defences for MITRE D3FEND typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for MITRE D3FEND?
Common alternative names include: D3FEND, MITRE D3FEND Framework.