Threat-Informed Defense

threat-informed defense programs

Accelerating the cybersecurity community’s ability to get ahead of adversaries

By leveraging industry and MITRE expertise, we advance the state of the art and the state of the practice in threat-informed defense. Our programs develop practical MITRE ATT&CK® based resources, technologies, and processes, empowering cyber defenders to improve their operations.

cybersecurity team

A Proactive Approach to Security

Threat-informed defense is the systematic application of a deep understanding of adversary tradecraft and technology to improve defenses. By taking the information we understand and adding the adversary’s perspective into account, we can build prepared and resilient security operations.

Informed Security Investments

Direction based on real-world adversary behavior provides optimal guidance on proceeding with your security strategy.

Architecture Perspective

Defenders that put themselves in the adversary’s mind have a systematic understanding of the tactics, techniques and procedures (TTPs) that the adversary is deploying and ultimately a better understanding of how adversaries act.

Committed Community

The adversary is global, agile, and evasive. The fastest way to outpace the adversary is by sharing knowledge.

threat-informed defense

Applications of
Threat-Informed Defense

Threat-informed defense rests on a foundation of solid enterprise cybersecurity. It is a strategy and approach that an organization implements in addition to getting a handle on their basic cyber hygiene.


Threat-informed defense is…

  • A lens, through which, you can understand your security posture

  • A way to think about your security architecture and operations

  • A way to prioritize your security strategy and investments

  • A way of assessing the effectiveness of your security investments

Threat-Informed Defense

The three pillars of our threat-informed defense program include the renowned Center for Threat-Informed Defense, the trusted ATT&CK Evaluations program, and the innovative MITRE ATT&CK Defender™ training and certification program. In support of MITRE’s mission to solve problems for a safer world, each program provides the community with freely available resources.

Cyber Trifecta

Center for Threat-Informed Defense

The Center for Threat-Informed Defense is a collaborative research and development organization with a mission to advance the state of the art and the state of the practice of threat-informed defense.

Get Involved With The Center

Community Resources

Results of the Center’s R&D projects are freely available to the public.

View Our Work

ATT&CK® Evaluations

Open and fair evaluations based on ATT&CK enable users to better understand and defend against real-world threats – leading to a safer world for all.

View Our ATT&CK Methodology

Community Resources

Evaluation results are available to the public so other organizations may provide their own analysis and interpretation.

View ATT&CK Results


With their invention of the “living certification,” MAD has changed the game in cybersecurity credentialing. ATT&CK subject matter experts provide up-to-date trainings and assessments, with an annual subscription guaranteeing access to certifications that validate a defender’s mastery of ATT&CK.

View MAD Upskill Opportunities

Community Resources

Taught by MITRE Engenuity’s “MAD Professors,” all training videos are available online with a free subscription to Cybrary.