Cyber attacks from advanced threats are growing in scope and increasing in frequency. Current defensive strategies are not well-suited to mitigating prolonged and determined attackers leveraging advanced techniques. Most organizations continue to focus on defending against zero-day exploits by relying on commercial security products to block bad sites and software and by patching systems to correct vulnerabilities in installed software. While these approaches are effective against some threats, they fail to stop advanced attacks and provide no knowledge of what an adversary does once the network is penetrated.
A subset of defenders, including MITRE, has adopted a strategy of threat-based defense to significantly improve the defense of their networks, systems, and data. Threat-based defense maximizes the knowledge gained from single, often disparate attacks and related events, and uses that knowledge to reduce the likelihood of success of future attacks.
The success of a threat-based defense approach hinges on cyber threat intelligence analysis, defensive engagement of the threat, and focused sharing and collaboration.
Cyber threat intelligence analysis, or actionable intelligence, strives to develop durable signatures and to detect zero-day attacks, better positioning cyber defenders to prevent intrusions or to contain quickly those that do occur. Cyber threat intelligence analysis is aided by the attack lifecycle model built upon the kill chain framework (first articulated by Lockheed Martin). Defenders collect and analyze data and work to correlate it against the stages of an attack.

Figure: The Kill Chain Framework
Defensive engagement of the threat across the whole kill chain is critical. The early stages of the kill chain (left of Exploit in the figure above) are an opportunity to detect and mitigate threats proactively, before an adversary establishes a foothold. The later stages (right of Exploit in the figure above) are where incident detection and response are exercised, together with assurance of mission-critical assets. Active defense requires a retrospective analysis of threat characteristics across the entire kill chain, with the results correlated to produce tell-tale indicators.
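As an added illustration of correlating collected events against the stages of the kill chain and checking whether an intrusion was observable left of Exploit (example code written for this page, not MITRE's code or a tool the page describes), assuming the seven Lockheed Martin stage names and a handful of constructed sample events:

```python
from dataclasses import dataclass

# Stage sequence of the Lockheed Martin kill chain (assumed; the page names only "Exploit").
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploit",
              "Installation", "Command and Control", "Actions on Objectives"]
EXPLOIT_INDEX = KILL_CHAIN.index("Exploit")

@dataclass
class Event:
    """One observation already mapped by an analyst to a kill chain stage."""
    time: str
    sensor: str
    stage: str
    detail: str

# Constructed sample events for one hypothetical intrusion, not real telemetry.
SAMPLE_EVENTS = [
    Event("2024-01-05T09:30", "proxy", "Command and Control", "periodic beacon to unlisted domain"),
    Event("2024-01-05T09:12", "mail-gateway", "Delivery", "message with macro attachment to hr mailbox"),
    Event("2024-01-05T09:21", "endpoint", "Installation", "new scheduled task launching dropped binary"),
    Event("2024-01-05T09:20", "endpoint", "Exploit", "office process spawned a script interpreter"),
]

def correlate(events):
    """Group events by stage, in kill chain order, so the intrusion reads as one lifecycle."""
    by_stage = {stage: [] for stage in KILL_CHAIN}
    for event in events:
        if event.stage not in by_stage:
            raise ValueError(f"unknown kill chain stage: {event.stage}")
        by_stage[event.stage].append(event)
    for stage_events in by_stage.values():
        stage_events.sort(key=lambda e: e.time)
    return by_stage

def earliest_observed_stage(events):
    """The first stage at which this intrusion produced any evidence, or None."""
    observed = [KILL_CHAIN.index(e.stage) for e in events if e.stage in KILL_CHAIN]
    return KILL_CHAIN[min(observed)] if observed else None

def detectable_left_of_exploit(events):
    """True when evidence existed before Exploit: the proactive window the text describes."""
    earliest = earliest_observed_stage(events)
    return earliest is not None and KILL_CHAIN.index(earliest) < EXPLOIT_INDEX

def coverage_gaps(events):
    """Stages with no evidence: where retrospective analysis should look for missed indicators."""
    return [stage for stage, found in correlate(events).items() if not found]
```

Run against the constructed events, the earliest evidence is at Delivery, so the intrusion was detectable left of Exploit, and the empty stages show where sensor coverage or analysis fell short.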
Focused sharing and collaboration among communities of cyber defenders provides a force multiplier effect that can greatly reduce the risk of compromise and loss from cyber threats.