AttackIQ and the Center for Threat-Informed Defense

AttackIQ is a founding research partner of the Center for Threat-Informed Defense, a non-profit research and development organization operated by MITRE Engenuity with the mission to advance the practice of threat-informed defense. Comprised of organizations with highly sophisticated security teams including Microsoft, Citi, JP Morgan Chase & Co. and HCA Healthcare, the Center builds on MITRE ATT&CK® to help practitioners strengthen their cybersecurity posture.

As a founding research partner, from the beginning of the Center’s existence AttackIQ has shaped the Center’s research agenda and been intimately involved in the research process for the projects on which we work. For more about how AttackIQ helps shape the Center’s agenda and our adoption of the practice of threat-informed defense,  please see our webinar with the Center directors here.

Center for Threat Informed Defense Research Partner (Founder)

“The Center for Threat-Informed Defense brings together the best security teams in the world to collaborate on research that will shift the cybersecurity playing field in favor of defenders. Together, we can make an impact that’s far larger than anything we can do as individual companies.”

– Richard Struse, Director, Center for Threat-Informed Defense.

CTID Members

As the first company to operationalize and automate the MITRE ATT&CK™ framework, AttackIQ has been collaborating with The Center of Threat-Informed Defense since its inception to help defenders take a proactive, strategic approach to their security programs.

Jose Barajas

Jose Barajas,
AttackIQ Technical Director

“AttackIQ’s mission is to make the world safe for compute. We contribute to the Center to give back to the community. Everytime we produce a research project, we also create an AttackIQ Academy course to deliver even more value from the project.”

Highlighted Projects

Adversary Emulation Plans

Understanding defenses from the perspective of the adversary is critical, but often teams lack the resources (expertise and funding) to conduct adversary emulation exercises. The CTID solution is to establish a library of standardized intelligence driven adversary emulation plans that can be easily leveraged by cyberdefenders. Developed over the course of four years with intel from 10+ vendors in the Center, the FIN6 Emulation Plan is one example of a comprehensive and detailed adversary emulation plan resource. FIN6 is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. AttackIQ played a leading role defining the standard, which was then leveraged for FIN7, menuPass, and APT29, and will continue to be leveraged for follow-on standards.

Funding Research Participants

Learn More

Project Resources

Published: 15 September 2020

Center Conversations:
Advancing Adversary Emulation with Ryusuke Masuoka

ATT&CK For Cloud

Defenders lack visibility into adversary behaviors in cloud technologies, leaving their organizations exposed to emerging threats. The Center expanded MITRE ATT&CK to describe adversary behaviors in and against Cloud technologies. This simplified defenders’ use of ATT&CK by aligning ATT&CK’s coverage for Cloud TTPs with how organizations are using Cloud in their operations. AttackIQ contributed directly to Cloud Matrix–defining how it should be laid out, and specifically the separation between infrastructure as a service and SaaS as a service. The project covers AWS, Azure, GCP, Dropbox, Office 365, and other SaaS technologies.

Funding Research Participants

Learn More

Project Resources

Published: 10 December 2020

NIST 800-53 Security Control Mappings to ATT&CK

Large and complex security control frameworks such as NIST 800-53 do not relate to actionable TTPs in ATT&CK. The Center has created a comprehensive and open, curated set of mappings between 800-53 controls and ATT&CK techniques. These mappings provide a critically important resource for organizations to assess their security control coverage against real-world threats as described in the ATT&CK knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process. AttackIQ is not only helping customers test their controls against these frameworks, but also helping defenders to translate the results into what CIOs care about, which risk.

Funding Research Participants

Non-Profit Research Participants
Learn More

Project Resources

Updated:10 August 2021

ATT&CK Version 9

ATT&CK Version 8

Security Stack Mappings - Azure

Users of Azure lack a comprehensive view of how native Azure security controls can help defend against real-world adversary TTPs. The Center built a scoring methodology to create mappings showing how effective native Azure security controls are in defending against specific ATT&CK techniques. Defenders are now able to use independent data to understand which Azure controls are most useful in defending against the adversary TTPs they care about.

Funding Research Participants

Learn More

Project Resources

Published on: 29 June 2021

Security Stack Mappings - AWS

Users of AWS lack a comprehensive view of how native AWS security controls can help defend against real-world adversary TTPs. The Center built a scoring methodology to create mappings showing how effective native AWS security controls are in defending against specific ATT&CK techniques. Defenders are now able to use independent data to understand which AWS controls are most useful in defending against the adversary TTPs they care about.

Funding Research Participants

Non-Profit Research Participants
Learn More

Project Resources

Published: 21 September 2021

ATT&CK WorkBench

ATT&CK Workbench is an easy-to-use open-source tool that allows organizations to manage and extend their own local version of ATT&CK and keep it in sync with MITRE’s knowledge base. Workbench allows users to explore, create, annotate, and share extensions of the ATT&CK knowledge base. Organizations or individuals can run their own instances of the application to serve as the centerpiece to a customized version of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench this local knowledge base can be extended with new or updated techniques, tactics, mitigations groups, and software. Additionally, Workbench provides means for a user to share their extensions with the greater ATT&CK community facilitating a greater level of collaboration within the community than is possible with current tools.

Funding Research Participants

Learn More

A full list of all the Center’s projects can be found here.

Project Resources

Published: 22 June 2021

Featured Resources

AttackIQ Joins New Collaborative Research Program to Advance Understanding of Cyber Adversaries and Improve the Effectiveness of Defenses Against Cyber Attacks

The Center for Threat-Informed Defense brings together the best security teams from around the world to improve cyberdefense at scale.
Cloud platforms can stop adversaries. Here’s how.

A landmark innovation from MITRE Engenuity’s Center for Threat-Informed Defense maps cloud security controls in AWS and Azure to MITRE ATT&CK®, elevating cybersecurity effectiveness.
Pioneering Threat Research: ATT&CK and the Center for Threat-Informed Defense

Join Richard Struse, Center Director, Jon Baker, Center Director of Research and Development, and Jonathan Reiber, AttackIQ Senior Director for Cybersecurity Strategy and Policy, for a conversation about the evolution of ATT&CK, how to put it to use, and the future of threat-informed defense research and operations.