The Center for Threat-Informed Defense: Impacting the Public Good

The Center for Threat-Informed Defense is transforming the practice of cybersecurity and elevating security teams' performance all over the world. This blog post looks at research highlights from Center's retrospective 2021 Impact Report, explains why the Center is so important to us at AttackIQ, and shows security teams how to elevate their program performance using a range of free educational resources derived from the Center's research. Read More

When Rich Struse first approached me with his idea for starting the Center for Threat-Informed Defense, I jumped in immediately because I knew it would have a powerful impact on cybersecurity effectiveness for defenders all over the world. For decades, cyberdefenders had long needed a means to measure and test their security program performance against real-world threats. The great news, starting in 2015, was that the MITRE ATT&CK® framework emerged to help them do just that. But there was more that could be done to amplify the goodness that ATT&CK provided. The Center came into being to help spread the word about those transformative opportunities. In just three short years since its founding, and with over 13 publications behind it to date, the Center for Threat-Informed Defense has more than surpassed our expectations. 

Now you have a single place to look for a summary of the Center’s achievements. As a founding research partner of the Center for Threat-Informed Defense, we are immensely proud of the Center’s new 2021 Impact Report. This blog post looks at how the Center is transforming the practice of cyberdefense operations and planning, explains why the Center is so important to all of us at AttackIQ, and shows you how you can apply the Center’s research today to help elevate your cybersecurity program performance using a range of educational resources we’ve developed together. Read on for more.  

For those that don’t know it yet, the Center’s mission is to “advance the state of the art and the state of the practice in threat-informed defense globally.” A non-profit, privately funded research and development organization operated by MITRE Engenuity, the Center is comprised of participant organizations from around the globe with highly sophisticated security teams. Along with Bank of America, Citi, HCA, and JPMorganChase, AttackIQ is a founding research partner. Research sponsors include Microsoft, Google Cloud, Fujitsu, and Siemens, among others, and non-profit partners include inter alia the Center for Internet and Security, the Cyber Threat Alliance, and the FS-ISAC. You can see the full list of partners, sponsors, and participants below. 

At AttackIQ, our strategy is built on what we call the “three Ps”– our platform, our partnerships, and the practice of threat-informed defense – and the Center’s work informs all three. How so?  

First, we incorporate the Center’s research into our Security Optimization Platform, from how we validate Azure and AWS, to the attack graphs (or attack flows) we build to map adversary attack patterns and test our customers’ security controls, to our work in compliance optimization. You can read more about how we leverage this research in our platform on our platform page and our solutions page. 

Our partnership with the Center for Threat-Informed Defense also enables our work with other partners in the cybersecurity industry. Microsoft and AttackIQ, for example, are working together to automate testing using MITRE ATT&CK and a threat-informed defense. AttackIQ enables Microsoft customers to test their use of Microsoft Defender for Endpoint, Azure native cloud security controls, and Microsoft Sentinel, running adversary emulations against customers’ security programs to generate detailed data that teams can use. With granular performance data, customers can make threat-informed decisions about people, processes, and technology, and elevate their security program’s overall performance. 

Finally, at AttackIQ we leverage the Center’s work by enabling the practice of threat-informed defense for our customers through AttackIQ Vanguard, our managed security service for breach and attack simulation, and by educating the broader cybersecurity community through AttackIQ Academy, where we make the Center’s research available through an applied research curriculum for improving cybersecurity operational effectiveness. These are some of the ways we enable the practice of threat-informed defense.  

To date, the Center has published 13 projects since 2019. A quick look at some of the Center’s research below shows why and how it is having such an impact. (These images all come from the Center’s Impact Report.)

For each of the projects for which AttackIQ has been a research partner, we have amplified the Center’s research to help defenders improve the effectiveness of their cybersecurity programs. Our applied operational research guides include MITRE ATT&CK for Dummies, published with a foreword by Rich Struse, founding Director of the Center for Threat-Informed Defense, The CISO’s Guide to Cloud Security Using ATT&CK, and The CISO’s Guide to Better Vulnerability Management Using MITRE ATT&CK, to name a few. To look at all of our applied research publications, you can visit our Resources page. 

In matters of education, AttackIQ Academy includes courses inspired and based on research from the Center for Threat-Informed Defense, including how to build a Threat-Informed Architecture, MITRE ATT&CK Security Stack Mappings for Azure and AWS, Mapping MITRE ATT&CK to CVE for Impact, and Uniting Threat and Risk Management with NIST 800-53 and MITRE ATT&CK. For more on our courses, which we make available to anyone around the world for free, please see AttackIQ Academy at  

We are immensely pleased with what the Center has achieved to date, from adversary emulation, to advancing our understanding of threats to cloud technologies, to connecting security controls to the real-world threats that those controls are designed to defend us against. And we are immensely excited for the Center’s forthcoming research, to include more on cloud security and research into operational technology (OT) security, among other projects.  

Finally, to learn more about the Center’s work to date and what is happening next, I urge you to tune into our webinar on the Center’s work with the Center’s Director for Research and Development, Jon Baker, Assistant Director for Research and Development, Ingrid Skoog, and me. It is happening on February 10, 2022 at 11:30 AM PT, 2:30 PM ET, and 7:30 PM GMT, and can access it here. The webinar will also be available on demand at the same link.