November 20, 2019 MITRE ATT&CK
Susannah Clark

Researchers, Assemble!

Why Red Canary is a Founding Sponsor of MITRE’s Center for Threat-Informed Defense

Last week, our friends at the MITRE Corporation announced a game changer: the formation of the Center for Threat-Informed Defense, a collaborative research initiative by the best security teams in the world. The goal: improve cyber defense at scale by uniting esteemed organizations across sectors. Red Canary is proud to be a founding research sponsor of this project, alongside American Express, Booz Allen Hamilton, Citi, Fujitsu, Microsoft, Siemens, and US Bank. MITRE Engenuity™ created the center in response to feedback from the cyber security community calling for a non-commercial, non-profit focal point that would sustain and accelerate the evolution of publicly available resources critical to cyber defense.

 

Red Canary CEO Brian Beyer commented, “Cyber security is evolving—part of that includes sharing valuable threat information across the community so we can improve defenses. We’re proud to be teaming up with some of the world’s best security teams to inform the greater good and keep supporting the work MITRE and the ATT&CK team are doing.”

Red Canary has been a longtime proponent of ATT&CK as a common language to communicate about adversary tactics, techniques, and behaviors. Three Canaries spoke at last month’s ATT&CKcon in McLean, Virginia, and all three touched on an overlapping theme: security takes a village, and ATT&CK keeps everyone on the same page. The more detection insight shared across the industry, the better everyone will be.

The Center for Threat-Informed Defense will accelerate development of ATT&CK in new ways, including:

  • Expansion into new technology domains
  • Establishment of a “most wanted” list of adversary techniques
  • Maturation and transition of MITRE’s current ATT&CK-based security operations center assessment methodology to organizations who can deliver it at scale
  • Development of automated adversary emulation playbooks

Looking ahead, the Center for Threat-Informed Defense will be yet another valuable way to collectively improve security using ATT&CK. We look forward to incorporating new developments and discoveries into our webinars, Atomic Fridays, and our annual Threat Detection Report. Together we can deepen our understanding of adversary behavior and use that knowledge to fortify our collective defenses.

 
