Application of Electronic Technique (《电子技术应用》)

NSA Releases D3FEND Tool to Improve Cyber Defenses and Information Sharing

2021-07-10
Source: 网电空间战



  NSA Releases D3FEND To Improve Cyber Defenses, Info Sharing

  While ATT&CK focuses on standardizing the way cyber warriors understand and talk about offensive cyber, D3FEND focuses on common defensive measures.

  By BRAD D. WILLIAMS on June 24, 2021 at 5:57 PM

  WASHINGTON: The National Security Agency has released a brand-new tool to help cyber warriors understand, communicate, and choose defensive measures to stop cyberattacks.

  D3FEND, as it's dubbed, is intended to complement the MITRE ATT&CK framework. Whereas ATT&CK focuses on standardizing the way cyber warriors understand and talk about offense, D3FEND focuses on cyber defenses.

  Together, the frameworks provide cyber warriors with a common understanding of cyber concepts and a standardized vocabulary to use when talking about them, which should facilitate clearer communication for sharing information and coordinating defensive operations both in and between organizations.

  ATT&CK can be used to build threat models, as well as cyber kill chains of actual incidents, to include adversaries' behaviors and their tactics, techniques, and procedures (TTPs), in part because ATT&CK is based on real-world threats.

  Likewise, D3FEND can be used to develop cyber defenses by “illustrat[ing] the complex interplay between computer network architectures, threats, and cyber countermeasures… illuminat[ing] previously-unspecified relationships between defensive and offensive methods.”

  Because D3FEND is so detailed, it can serve as a useful guide for architecting, designing, and implementing cyber defenses.

  D3FEND is based, in part, on 500 countermeasure patents from the last two decades, according to its website. Notably, however, D3FEND and ATT&CK are vendor-agnostic frameworks, which can be applied to safeguarding a wide range of IT environments, including national security systems, Defense Department networks, and defense industrial base assets.

  NSA funded MITRE's research for developing D3FEND, but like ATT&CK, it's freely available online now. Cyber professionals can provide comments and recommend improvements at the D3FEND website.

  Breaking Defense reached out to NSA for comments, but did not receive any before publication.



