NSA Releases D3FEND Tool to Improve Cyber Defenses and Information Sharing
2021-07-10
Source: 网电空间战
WASHINGTON: The National Security Agency has released a brand-new tool to help cyber warriors understand, communicate, and choose defensive measures to stop cyberattacks.
D3FEND, as the tool is dubbed, is intended to complement the MITRE ATT&CK framework. Whereas ATT&CK focuses on standardizing the way cyber warriors understand and talk about offense, D3FEND focuses on cyber defenses.
Together, the two frameworks give cyber warriors a common understanding of cyber concepts and a standardized vocabulary for talking about them, which should make for clearer communication when sharing information and coordinating defensive operations both within and between organizations.
ATT&CK can be used to build threat models, as well as cyber kill chains of actual incidents, including adversaries' behaviors and their tactics, techniques, and procedures (TTPs), in part because ATT&CK is based on real-world threats.
Likewise, D3FEND can be used to develop cyber defenses by "illustrat[ing] the complex interplay between computer network architectures, threats, and cyber countermeasures... illuminat[ing] previously-unspecified relationships between defensive and offensive methods."
Because D3FEND is so detailed, it can serve as a useful guide for architecting, designing, and implementing cyber defenses.
According to its website, D3FEND is based in part on 500 countermeasure patents from the last two decades. Notably, however, D3FEND and ATT&CK are vendor-agnostic frameworks that can be applied to safeguarding a wide range of IT environments, including national security systems, Defense Department networks, and defense industrial base assets.
NSA funded MITRE's research to develop D3FEND, but, like ATT&CK, it is now freely available online. Cyber professionals can provide comments and recommend improvements at the D3FEND website.
Breaking Defense reached out to NSA for comment, but did not receive any before publication.
Original article: NSA Releases D3FEND To Improve Cyber Defenses, Info Sharing
While ATT&CK focuses on standardizing the way cyber warriors understand and talk about offensive cyber, D3FEND focuses on common defensive measures.
By BRAD D. WILLIAMS on June 24, 2021 at 5:57 PM (Breaking Defense)