BREAKING: MITRE Engenuity Publishes their Blueprint for a Domestic Semiconductor Industry. Read the Paper.
M
logo
        • Who We Are

        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage

        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us

        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Semiconductors

        • Dive into the revolutionary work that MITRE Engenuity is doing within this critical ecosystem.

        • Circuit Talk

        • Hear directly from the semiconductor experts through our speaker series featuring titans of industry, groundbreaking researchers, and many more.

        • Cybersecurity

        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations

        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense

        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • MITRE ATT&CK Defender

        • Strengthen your threat-informed defense capabilities with our cybersecurity trainings taught by MITRE ATT&CK subject matter experts.

        • Telecom

        • The transformative power of 5G shifts paradigms across industries and empowers businesses to change the way they interact with people. See how MITRE Engenuity is impacting the next generation of telecommunications. 

        • Open Generation 5G Consortium

        • We are getting to our 5G future faster. Discover how we are accelerating network technology and device-to-device application innovation through use case-focused R&D in the Open Generation 5G Consortium.

        • Health

        • We identify potential health security threats to ensure faster public health pandemic responses and incubate new ideas to ensure national health security.

        • Growing Impact

        • We deliver positive public impact through advanced technological innovation projects.

        • Cyber Risk Model for Mobile Digital Financial Services: Securing Mobile Money Services. Explore Our Cyber Risk Model for Mobile Financial Services product
        • Embedded Capture the Flag: Developing Tomorrow's Cyber Workforce Today. Get Involved with MITRE's Embedded Capture the Flag Competition
        • News & Insights

        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

MAPPING ATT&CK TO CVE FOR IMPACT

Project Summary

Published : Oct 21, 2021

This research defines a methodology for using MITRE ATT&CK® to characterize the potential impacts of vulnerabilities. ATT&CK’s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them.  Vulnerability reporters and researchers use the methodology to describe the impact of vulnerabilities, enabling defenders to easily integrate vulnerability information into their risk models and identify appropriate compensating security controls. This methodology aims to establish a critical connection between vulnerability management, threat modeling, and compensating controls.

Problem

Defenders struggle to integrate vulnerability and threat information and lack a consistent view of how adversaries use vulnerabilities to achieve their goals. Without this context, it is difficult to appropriately prioritize vulnerabilities.

SOLUTION

Develop a methodology to use the adversary behaviors described in ATT&CK to characterize the impact of CVEs, providing much-needed context.

IMPACT

CVEs linked to ATT&CK techniques form a crucial contextual bridge between vulnerability management, threat modeling, and compensating controls, empowering defenders to better assess the true risk posed by specific vulnerabilities in their environment.

funding Research Participants

Adoption Spotlights: Center R&D in Action

Adoption Spotlights showcase the Center’s R&D in action to help the community adopt threat-informed defense. Learn how these organizations are leveraging Center R&D to change the game on the adversary.

  • New call-to-action
  • New call-to-action

Share this project

Explore More of Our Work

Loading

Load More
see more news and insights

Stay Informed

Stay informed about new releases of R&D projects and other exciting updates from the Center for Threat-Informed Defense.