If you've worked in cybersecurity for more than a year, you're probably familiar with the term CVE—short for Common Vulnerabilities and Exposures. You might also know about the ATT&CK Framework, which stands for Adversarial Tactics, Techniques, and Common Knowledge. These are two major contributions the non-profit MITRE Corporation has made to the cybersecurity world.

MITRE's influence extends beyond cyber. They work in defense and intelligence, aviation, civil systems, homeland security, judiciary, and healthcare. All these federally funded resources, including cybersecurity, aim to solve some of the nation's biggest problems through independent research and development.

MITRE excels at creating a common vocabulary and flexible frameworks that help unite our industry. While MITRE does much more than ATT&CK, this course focuses on the ATT&CK Framework. Let's look closer at the group within MITRE responsible for all things ATT&CK: MITRE Engenuity.

MITRE Engenuity, a distinct entity within the larger MITRE Corporation, develops and manages the ATT&CK Framework. It drives innovation and collaboration in cybersecurity by bringing together experts, researchers, and organizations from both public and private sectors.

As an independent, non-profit entity, MITRE Engenuity fosters a trusted environment for organizations to collaborate, share knowledge, and develop cutting-edge solutions to emerging cybersecurity challenges. This collaborative approach allows continuous improvement of the ATT&CK Framework, ensuring it remains relevant and effective in addressing the evolving threat landscape.

MITRE Engenuity also works on other cybersecurity initiatives. These include the Center for Threat-Informed Defense, which develops practical solutions to strengthen cyber defense, and the Cybersecurity Testing and Evaluation program, which validates the effectiveness of security tools and solutions in real-world scenarios.

By promoting the ATT&CK Framework and driving collaboration among cybersecurity stakeholders, MITRE Engenuity plays a crucial role in shaping the future of cybersecurity and helping organizations stay ahead of adversaries. Through its work, the group has earned a reputation as a trusted authority and thought leader, significantly impacting how organizations approach cyber defense.

Center for Threat-Informed Defense (CTID)

The Center for Threat-Informed Defense (CTID) is a non-profit, privately funded research and development organization operated by MITRE Engenuity. It comprises participant organizations from around the globe with highly sophisticated security teams. The CTID was founded to maintain and accelerate the evolution of the ATT&CK project and other publicly available resources critical to cyber defense.

The CTID engages in research and development projects with its members, who come from various industries including critical infrastructure, security, technology, and cybersecurity non-profits. These collaborations aim to advance the state of the art and practice of threat-informed defense.

The CTID conducts research in several areas, including:

• Improving global understanding of adversary tradecraft, such as expanding the ATT&CK framework to new technology domains like cloud computing.
• Measuring evolving adversary behavior, for example, by creating a "top-techniques" calculator that lists adversary techniques most likely to impact your organization.
• Enabling continuous assessment of defenses through the development, sharing, and automation of adversary emulation playbooks. This is evident in the release of several adversary emulation plans.
• Identifying and researching new ways to thwart ATT&CK techniques across the Protect, Detect, and Respond stages of defense.

All research and development outputs from the CTID are made globally available to maximize their impact.

ATT&CK Evaluations