In this whitepaper, SANS looks at two complementary frameworks that defenders should use: MITRE ATT&CK™ and MITRE D3FEND™. Aptly named, these frameworks describe adversary techniques and defensive countermeasures, respectively.
Since its introduction, multiple security controls and vendors have aligned their products and detections to ATT&CK. However, we have seen little representation of D3FEND—something we aim to change with this whitepaper.
This whitepaper covers the following topics: