The US National Security Agency (NSA) is funding the development of a base of defensive countermeasures, termed D3FEND, for the most common techniques used by cybercriminals.
D3FEND is available through the nonprofit MITRE Corporation. The catalog provides defensive cybersecurity techniques in relation to offensive (adversary) techniques.
Initially, the D3FEND release was used as an “early stage experimental research project” to help better standardize the terminology associated with defensive cybersecurity technology and techniques.
The NSA reported that D3FEND will help to better illuminate the relationship between cyberdefense and cyberoffense techniques that were previously unspecified, and the interplay between computer network architecture, cyber threats, and their countermeasures.
D3FEND works as a complement to the existing ATT&CK framework, which is commonly used as a knowledge base of cyber adversary techniques and tactics based on real-world observations and applications.
D3FEND, like ATT&CK, illuminates ways to counter offensive techniques and how defensive tactics impact a malicious actor’s ability to succeed.
“By framing computer network defender complexity of countermeasure functions and techniques as granularly as ATT&CK frames computer network attacker techniques, D3FEND enables cybersecurity professionals to tailor defenses against specific cyber threats, thereby reducing a system’s potential attack surface,” the NSA said.
“As a result, D3FEND will drive more effective design, deployment, and defense of networked systems writ large,” the agency added.