Center for Threat-Informed Defense:

Threat-Informed Defense

What is Threat-Informed Defense?

Threat-Informed Defense is the systematic application of a deep understanding of adversary tradecraft and technology to improve defenses.

Threat-informed defense enables the collective resources of all defenders to be greater than those of any one adversary. It identifies known adversary behavior, relevant to an organization’s threat model, and fosters a community-driven approach to enable an organization to proactively defend, self-assess, and improve defenses against those known threats.

The Threat-Informed Defense Triangle

Threat-informed defense is a continuous process in which defenders and adversaries are constantly learning and evolving. The three dimensions of threat-informed defense are:

  1. Cyber Threat Intelligence: know the adversary, their objectives, and their tactics, techniques, and procedures (TTPs).
  2. Defensive Measures: implement prevention, detection, and mitigation tailored to known threats.
  3. Testing & Evaluation: assess defenses by emulating realistic adversary behaviors and TTPs.

The MITRE ATT&CK® knowledge base is a comprehensive reference of publicly reported adversary tactics, techniques, and procedures (TTPs), including how to detect and mitigate them. ATT&CK also serves as a common language that enables widespread and efficient collaboration across organizations and industries. It enables defenders to think at a level of abstraction that is concrete enough to be actionable, but abstract enough to remain stable over time and across adversaries.

Why Threat-Informed Defense?

Threat-informed defense aligns defensive measures to real-world observations of adversary tradecraft. Where cybersecurity has often focused on brittle indicators of compromise that are easy for an adversary to change, threat-informed defense focuses energy on adversary behavior, which is more stable over time and more expensive for adversaries to evade. The result is more efficient use of defenders’ resources and a more robust program of prevention, detection, and response. Threat-informed defense enables the collective resources of all defenders to be greater than those of any one adversary.

Threat-informed defense is not intended to replace a baseline security program but rather to supplement other activities such as patch management and vulnerability management. It enables organizations to enhance their defenses proactively and adaptively against evolving threats.

The Center for Threat-Informed Defense

Our mission is to advance the state of the art and state of the practice in threat-informed defense globally.

The Center’s privately funded research and development program brings together leading organizations from multiple industries to jointly develop foundational resources in cybersecurity that are aligned to the three dimensions of the threat-informed defense (TID) triangle. The Center publishes each R&D project with an open source license to meet the mission of improving cyber defense globally, for organizations large and small, and for non-profit, commercial sector, and government alike.

Learn More

To learn more about our threat-informed defense R&D program, visit Our Work. For a broad overview of the principles and best practices of threat-informed defense, read the Measure, Maximize, and Mature Threat-Informed Defense (M3TID) publication.

A triangular diagram labeled "M3TID" in the center. Sections: Cyber Threat Intelligence, Testing and Evaluation, Defensive Measures. Includes lists of related activities and tools.

Center R&D Projects Aligned to TID Triangle