SANS 2022 ATT&CK™ and D3FEND™ Report

Incorporating Frameworks into Your Analysis and Intelligence 

In this whitepaper, SANS looks at two complementary frameworks that defenders should utilize: MITRE ATT&CK™ and MITRE D3FEND™. Aptly named, these frameworks describe adversary techniques and defense countermeasures, respectively.

Since the introduction of ATT&CK, multiple security vendors have aligned their products, controls and detections to it. However, we have seen little representation of D3FEND, something we aim to change with this whitepaper.

This whitepaper covers the following topics:

  • An understanding of the ATT&CK and D3FEND frameworks.
  • The strengths of each framework as it pertains to enterprise security.
  • How the frameworks can be utilized to help strengthen incident analysis and response.
  • How to incorporate both frameworks into your threat intelligence capabilities.
