RangeForce, the company that empowers team cyber defense readiness at scale, today announced the addition of MITRE D3FEND and MITRE ATT&CK modules and reporting to its interactive cyber readiness development platform which enables organizations to tailor their individual and team training programs to master specific skills required to protect against cyber threats. The new modules map to the library of defensive cybersecurity countermeasures in the MITRE D3FEND and attack techniques in MITRE ATT&CK.
In addition to the MITRE ATT&CK Framework, which documents attacker tactics and techniques based on real-world observations, RangeForce also supports MITRE D3FEND, a “knowledge-graph” that contains a library of defensive cybersecurity countermeasures, technical components, and their associations and capabilities for cyber defenders. RangeForce enables organizations, through individual and team exercises, to master key defensive skills that range from application hardening and file analysis to message and network traffic analysis.
“In addition to focusing on defending specific attack tactics and techniques defined in MITRE ATT&CK, support for MITRE D3FEND in RangeForce focuses on developing the analytical skills needed to identify threat crumbs or signals that a compromise is under way,” said Jeff Orloff, VP of Product and Technical Services at RangeForce. “Customers can tailor their defensive readiness development based on core defensive skills they want individual team members to master, and validate them with team exercises before they focus on acquiring new countermeasure capabilities.”
RangeForce Support for MITRE D3FEND and ATT&CK
The RangeForce platform now provides individual learning modules, advanced reporting and live team-based threat exercises that map to the MITRE D3FEND defensive cybersecurity techniques and MITRE ATT&CK tactics. These new capabilities enable security leaders to assess at a glance how team members are progressing in acquiring the skills defined in D3FEND and ATT&CK, compare the organization’s cyber readiness to industry peers via benchmarks, and identify skill gaps to be addressed.
For example, D3FEND and ATT&CK reporting provides the following capabilities to assess, monitor and manage cyber security readiness for individual security analysts and security teams collectively:
- Quarterly, bi-annual and annual measurements of module completion for tactics or techniques in each framework
- A side-by-side comparison of organizational and team readiness versus the industry average for each tactic or technique
- Course coverage of all MITRE D3FEND techniques and MITRE ATT&CK tactics within the RangeForce content library
- Individual and team assessment of MITRE framework skills to determine comprehension, readiness and knowledge gaps
RangeForce covers the full range of techniques and tactics in ATT&CK including: reconnaissance, resource development, initial access, execution, persistence, privilege escalation, defense evasion, credential access and discovery.
Meanwhile, RangeForce also maps to the defensive cybersecurity techniques in D3FEND including application hardening, credential eviction and hardening, decoy environment and decoy object, execution isolation, file, identifier and message analysis, message hardening, and more.