SANS 2022 ATT&CK™ and D3FEND™ Report
In this whitepaper, SANS looks at two complementary frameworks that defenders should utilize: MITRE ATT&CK™ and MITRE D3FEND™. Aptly named, these frameworks describe adversary techniques and defense countermeasures, respectively.
Since the introduction of ATT&CK, multiple security controls and vendors have aligned their products and detections to it. However, we have seen little representation of D3FEND, something we aim to change with this whitepaper.
This whitepaper covers the following topics:
- An understanding of the ATT&CK and D3FEND frameworks.
- The strengths of each framework as it pertains to enterprise security.
- How the frameworks can be utilized to help strengthen incident analysis and response.
- How to incorporate both frameworks into your threat intelligence capabilities.