MITRE, an organization dedicated to cybersecurity, recently released its latest framework, D3FEND. D3FEND is positioned as a knowledge base of defensive countermeasures against cyber crime, offering a complementary component to MITRE's existing knowledge base of cyber criminal behavior, ATT&CK.
ATT&CK & D3FEND
Available worldwide, ATT&CK is a free knowledge base of cyber adversary tactics and techniques based on real-world observations. Many organizations in the private and public sectors use this framework to better understand the cyber threat landscape and prepare their defenses. While the MITRE ATT&CK framework catalogs the offensive techniques cyber criminals use, D3FEND catalogs the defensive techniques that counter them. Organizations can then use D3FEND to tailor their cybersecurity approaches, choosing defenses based on the nature of the attack methods they expect to face.
Let's break this down. Before MITRE researched and developed its newest framework, it essentially had the game tapes for the opposing team. Now, with its latest model, it has developed a playbook for blocking each of the enemy's moves. As mentioned before, both MITRE frameworks are freely available to the public for any organization working to keep itself secure.
D3FEND Includes Application Whitelisting
MITRE's D3FEND framework highlights the importance of application whitelisting. More specifically, it encourages whitelisting at the signature level, meaning that every application allowed to run on your computer should be digitally signed by a publisher you trust. If that file is changed for any reason, the signature no longer verifies. Therefore, a default-deny approach at the signature level, one that executes only validly signed code from trusted publishers, significantly reduces the risk of an attack infecting the network. Choosing a security solution that offers this patented technology will be key.
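To make the default-deny rule concrete, here is an added illustration written for this article; it is not code from MITRE, D3FEND, or any vendor's product. It uses Ed25519 detached signatures and a constructed allowlist of publisher key fingerprints as a stand-in for the certificate chains a real Windows product checks, and it shows the three ways a file fails the policy: it is unsigned, its signer is not on the allowlist, or its contents were altered after signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SignedApp is a constructed stand-in for an executable on disk together with
// the publisher key and detached signature that ship with it.
type SignedApp struct {
	Name      string
	Image     []byte            // file contents (constructed sample bytes)
	Signer    ed25519.PublicKey // publisher key the signature claims to come from
	Signature []byte
}

// Fingerprint identifies a publisher key by the hex SHA-256 of its bytes;
// the allowlist is keyed on this value rather than on the raw key.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// NewPublisher generates a fresh Ed25519 key pair standing in for a software
// vendor's code-signing key (hypothetical; real vendors use CA-issued certificates).
func NewPublisher() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // the OS random source failed; nothing sensible to do
	}
	return pub, priv
}

// SignApp signs the file contents exactly as a publisher would before release.
func SignApp(name string, image []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) SignedApp {
	return SignedApp{Name: name, Image: image, Signer: pub, Signature: ed25519.Sign(priv, image)}
}

// Decide applies the default-deny rule: an application runs only if it is
// signed, the signer is on the allowlist, and the signature still matches the
// bytes on disk. Every other outcome is a deny with a reason for the audit log.
func Decide(app SignedApp, trusted map[string]string) (bool, string) {
	if len(app.Signer) != ed25519.PublicKeySize || len(app.Signature) == 0 {
		return false, "deny: " + app.Name + " is unsigned"
	}
	publisher, known := trusted[Fingerprint(app.Signer)]
	if !known {
		return false, "deny: " + app.Name + " is signed by a publisher not on the allowlist"
	}
	// Verify fails if even one byte of the image changed after signing,
	// or if the signature was produced by a different key.
	if !ed25519.Verify(app.Signer, app.Image, app.Signature) {
		return false, "deny: " + app.Name + " signature does not match its contents (modified or forged)"
	}
	return true, "allow: " + app.Name + " verified as published by " + publisher
}

func main() {
	vendorPub, vendorPriv := NewPublisher()
	// Constructed allowlist: the one publisher this organisation has approved.
	trusted := map[string]string{Fingerprint(vendorPub): "Trusted Vendor Inc."}

	good := SignApp("payroll.exe", []byte("constructed executable bytes"), vendorPub, vendorPriv)

	// Same signature, but one byte of the file was altered after signing.
	tampered := good
	tampered.Image = append([]byte(nil), good.Image...)
	tampered.Image[0] ^= 0x01

	// Validly signed, but by a key the organisation never approved.
	strangerPub, strangerPriv := NewPublisher()
	unknown := SignApp("tool.exe", []byte("constructed executable bytes"), strangerPub, strangerPriv)

	// No signature at all.
	unsigned := SignedApp{Name: "unsigned.exe", Image: []byte("constructed executable bytes")}

	for _, app := range []SignedApp{good, tampered, unknown, unsigned} {
		_, reason := Decide(app, trusted)
		fmt.Println(reason)
	}
}
```

The order of the checks matters: the allowlist lookup comes before signature verification, so a file signed by an unapproved key is denied even though its signature is mathematically valid, which is the point of whitelisting at the signature level rather than merely requiring "some" signature.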
It all sounds well and good: having this knowledge base and understanding how to use it. And, to be fair, it is. These frameworks offer a wealth of insight to those who will use them. However, the unfortunate reality is, as mentioned in a recent CyberTalk with CyberScoop, that these frameworks, best practices, and open letters issued by the federal government do not mandate that organizations comply with their recommendations. That is the weak link.