NSA Releases D3FEND To Improve Cyber Defenses, Info Sharing
While ATT&CK focuses on standardizing the way cyber warriors understand and talk about offensive cyber, D3FEND focuses on common defensive measures.
By BRAD D. WILLIAMS on June 24, 2021 at 5:57 PM
WASHINGTON: The National Security Agency has released a brand-new tool to help cyber warriors understand, communicate, and choose defensive measures to stop cyberattacks.
D3FEND, as it's dubbed, is intended to complement the MITRE ATT&CK framework. Whereas ATT&CK focuses on standardizing the way cyber warriors understand and talk about offense, D3FEND focuses on cyber defenses.
Together, the frameworks provide cyber warriors with a common understanding of cyber concepts and a standardized vocabulary to use when talking about them, which should facilitate clearer communication for sharing information and coordinating defensive operations both in and between organizations.
ATT&CK can be used to build threat models, as well as cyber kill chains of actual incidents, to include adversaries' behaviors and their tactics, techniques, and procedures (TTPs), in part because ATT&CK is based on real-world threats.
Likewise, D3FEND can be used to develop cyber defenses by “illustrat[ing] the complex interplay between computer network architectures, threats, and cyber countermeasures… illuminat[ing] previously-unspecified relationships between defensive and offensive methods.”
Because D3FEND is so detailed, it can serve as a useful guide for architecting, designing, and implementing cyber defenses.
D3FEND is based, in part, on 500 countermeasure patents from the last two decades, according to its website. Notably, however, D3FEND and ATT&CK are vendor-agnostic frameworks, which can be applied to safeguarding a wide range of IT environments, including national security systems, Defense Department networks, and defense industrial base assets.
NSA funded MITRE's research for developing D3FEND, but like ATT&CK, it's freely available online now. Cyber professionals can provide comments and recommend improvements at the D3FEND website.
Breaking Defense reached out to NSA for comments, but did not receive any before publication.