RSA 2024

A globally accessible, living knowledge base of adversary tactics and techniques based on real-world attack observations and realistic demonstrations from AI red teams and security groups.

A globally accessible knowledge base of adversary behaviors based on real-world observations.

Evaluations follow a rigorous, transparent methodology, using a collaborative, threat-informed purple-teaming approach to evaluate solutions within the context of ATT&CK.

A scalable, automated adversary emulation platform that empowers cyber practitioners to save time, money, and energy through automated security assessments.

Common Attack Pattern Enumeration and Classification provides a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities.

Cloud Adversarial, Vectors, Exploits, and Threats is a threat-informed framework addressing the unique risks of cloud environments with detailed security guidance to ensure implementation of detection and mitigation capabilities.

The privately funded research and development center brings together sophisticated security teams from leading organizations around the world to conduct and share research that improves our collective ability to prevent, detect, and respond to cyber-attacks.

Cyber Resiliency Engineering Framework Navigator is a platform in which the complex relationships of NIST SP 800-160 Volume 2 can be searched and visualized, informing engineers designing resilient cyber solutions.

The Common Vulnerabilities and Exposures program identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities.

Common Weakness Enumeration serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

The MITRE-developed, National Security Agency-funded framework offers an open model with standardized vocabulary for employing techniques to counter malicious cyber activity.

A framework for communicating and planning cyber adversary engagement, deception, and denial activities. 

Enhanced CTI Sharing for Partner Organizations (ECHO) is an application that mines and contextualizes cyber threat intelligence.

A resource focused on defeating the increasing number of attacks aimed at the healthcare sector.

Data-driven frameworks, indicators, methodologies, mitigations, operational successes, and thought leadership to reduce the risk from harmful acts undertaken by trusted employees inside an organization.

Open Vulnerability and Assessment Language is a community-developed language for determining vulnerability and configuration issues on computer systems.

The playbook provides insights on how an organization can develop or evolve an approach to creating threat models in a systematic and consistent way.

The Security Automation Framework supports security processes at all stages of the software lifecycle, from planning secure system design to analyzing operational security data.

A framework that provides a comprehensive, community driven knowledge base of supply chain security risks and a customizable risk assessment process.

Structured Threat information eXpression is a collaborative, community-driven effort to define and develop a structured language to represent cyber threat information.

Trusted Automated eXchange of Indicator Information is the preferred method of exchanging information using the STIX Language, enabling organizations to share structured cyber threat information in a secure and automated manner.

The playbook covers best practices for managers, technical leads, engineers, and analysts to level up cyber defenses.