people looking at map

Center for Threat-Informed Defense Expands Cybersecurity Community Resources for Applying MITRE ATT&CK

McLean, Va. & Bedford, Mass., April 10, 2024 — To support the cybersecurity community with implementation of threat-informed defense, MITRE Engenuity™ announced its Center for Threat-Informed Defense (Center) is releasing two new resources, Mappings Explorer and M3TID.

“Through our collaborative R&D program, we’re working with our member’s cybersecurity teams from around the world to advance the state of the art and the state of the practice in threat-informed defense,” said Jon Baker, director, Center for Threat-Informed Defense. “We aim to improve cyber defense globally by fundamentally shifting the economics of cyber-attacks in favor of the defenders and changing the game on the adversary.”

Understanding the relationship between security capabilities and adversary behaviors is foundational to threat-informed defense. Mappings Explorer enables cyber defenders to understand how security controls and capabilities protect against the adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. This new resource consolidates the Center’s collection of open, independently developed mappings between security capabilities and ATT&CK into a central hub that is searchable and customizable. Cyber defenders now have easy access to explore mapped security capabilities— making their defenses more efficient and effective against the threats that matter most to them.

M3TID— short for measure, maximize, and mature threat-informed defense— helps security operations centers (SOC) determine how well they are optimally leveraging threat information. By leveraging M3TID to understand their current maturity level and identify areas for improvement, organizations can make targeted investments and strategic decisions to strengthen their defenses, whether it be in cyber threat intelligence, defensive measures, or testing and evaluation. This resource, combined with the MITRE Engenuity ATT&CK Evaluations of vendors and managed service providers against specific adversaries, offers more objective data on which cybersecurity products and services may best fit their individual needs.

Beyond these two new tools, the Center also expanded three of its resources:

  1. Sightings Ecosystem – MITRE ATT&CK tells defenders what they can look for, and the Sightings Ecosystem provides additional contextual information needed to make informed decisions about how to respond to the threat. The Center compiled a second round of sightings of adversary behaviors in the wild over a two-year period. Out of the 353 unique techniques from 198 countries that were sighted, the Center analyzed the top 15 techniques and provides that analysis free of charge.
  2. Security Stack Mappings – Aligning MITRE ATT&CK to the security capabilities available in widely used cloud platforms helps all defenders understand and apply these capabilities. The Center developed mappings for Google Cloud PlatformAWS, and Azure, and will release mappings for M365 by the end of April.
  3. Insider Threat TTP Knowledge Base – This open knowledge base of the tactics, techniques, and procedures (TTP) used by insiders in IT environments enables SOCs to detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Version 2.0 adds a new data source, called Observable Human Indicators, to help identify insiders and expand the knowledge base with new insider TTPs.

Created with open-source software, methodologies, and frameworks with input from 38 Center members, these new resources along with the Center’s other R&D projects are freely available to cyber defenders through the Center’s website

Cyber defenders also can learn about the new resources at three upcoming events:

In-person registration for the events in Singapore and Brussels is sold out, but virtual registration is still available.

About The Center for Threat-Informed Defense 

The center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. For more information, contact


MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.

Media Contact: Lisa Fasold,