How to Counter MITRE ATT&CK with MITRE D3FEND

Presented by

John S. Mancini, PhD. Group Product Manager for Detect for SaaS at Vectra AI

About this talk

MITRE and the NSA are advising organizations to implement the D3FEND framework in their security plans. This framework provides all the actions needed for security teams to counter the attacker actions defined in the Attacker Tactics and Techniques (ATT&CK) framework. In this video, we cover the following: ► How D3FEND relates to ATT&CK ► The benefits of D3FEND ► Practical tips for using D3FEND to improve your security readiness 00:00 Introduction to MITRE ATT&CK and MITRE D3FEND 02:08 Who is MITRE? 05:23 The origins of the MITRE ATT&CK Framework 07:16 What is the MITRE ATT&CK Matrix 09:14 MITRE ATT&CK Framework updates 11:14 How to understand the MITRE ATT&CK Framework 14:02 The anatomy of a MITRE ATT&CK Technique 16:05 How to use the MITRE ATT&CK Framework 16:18 The MITRE ATT&CK Navigator 16:57 Communicating around cyberattacks 18:40 Mapping and documenting the current coverage around the attack 19:47 Building defense to prevent a cyberattack 20:45 MITRE ATT&CK limitations 24:28 What is the MITRE D3FEND framework? 25:43 The History of the MITRE D3FEND framework 27:42 The anatomy of a MITRE D3FEND countermeasure 28:54 The MITRE D3FEND Navigator 29:38 How to start using MITRE D3FEND 31:19 Key takeaways about MITRE ATT&CK and MITRE D3FEND 32:40 How Vectra leverages the MITRE frameworks 35:03 Q&A around MITRE ATT&CK and D3FEND

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (27)
Subscribers (1163)
Vectra® is the leader in Security AI-driven cyber threat detection and response for hybrid cloud. Vectra’s patented Attack Signal Intelligence™ detects and prioritizes threats across public cloud, SaaS, identity, and networks in a single platform. Vectra’s Attack Signal Intelligence goes beyond simple anomaly detection to analyze and understand attacker behavior. The resulting high-fidelity signal and deep context enables security operations teams to prioritize, investigate and respond to cyber-attacks in progress sooner and faster. Organizations worldwide rely on the Vectra platform and MDR services to stay ahead of modern cyber-attacks. Visit