271 defences1,837 crosswalks

D3FENDD3FEND defensive matrix

7 tactics · 271 defensive techniques · 1,837 defends_against crosswalks to MITRE ATT&CK. Authored by Adam Lundqvist.

TACTICModelHardenDetectIsolateDeceiveEvictRestoreLEVELTechniqueSub-technique
ATT&CK coverage
0
1
2-3
4-5
6+

MODModel27 techniques

D3-AI
Asset Inventory
D3-CI
Configuration Inventory
D3-DI
Data Inventory
D3-AVE
Asset Vulnerability Enumeration
D3-CIA
Container Image Analysis
D3-SWI
Software Inventory
D3-AM
Access Modeling
D3-OAM
Operational Activity Mapping
D3-NM
Network Mapping
D3-HCI
Hardware Component Inventory
D3-NTPM
Network Traffic Policy Mapping
D3-ALLM
Active Logical Link Mapping
D3-APLM
Active Physical Link Mapping
D3-DPLM
Direct Physical Link Mapping
D3-LLM
Logical Link Mapping
D3-NNI
Network Node Inventory
D3-PLLM
Passive Logical Link Mapping
D3-PLM
Physical Link Mapping
D3-SYSM
System Mapping
D3-SYSVA
System Vulnerability Assessment
D3-DEM
Data Exchange Mapping
D3-NVA
Network Vulnerability Assessment
D3-ODM
Operational Dependency Mapping
D3-OM
Organization Mapping
D3-ORA
Operational Risk Assessment
D3-SVCDM
Service Dependency Mapping
D3-SYSDM
System Dependency Mapping

HARHarden55 techniques

D3-PH
Platform Hardening
D3-FE
File Encryption
D3-AA
Agent Authentication
D3-CH
Credential Hardening
D3-MFA
Multi-factor Authentication
D3-SU
Software Update
D3-TBA
Token-based Authentication
D3-CDP
Change Default Password
D3-CERO
Certificate Rotation
D3-CRO
Credential Rotation
D3-PWA
Password Authentication
D3-SPP
Strong Password Policy
D3-OTP
One-time Password
D3-PR
Password Rotation
D3-TB
Token Binding
D3-CBAN
Certificate-based Authentication
D3-BAN
Biometric Authentication
D3-AH
Application Hardening
D3-SCP
System Configuration Permissions
D3-PSEP
Process Segment Execution Prevention
D3-SAOR
Segment Address Offset Randomization
D3-EMH
Electromagnetic Radiation Hardening
D3-RFS
RF Shielding
D3-RH
Radiation Hardening
D3-SFCV
Stack Frame Canary Validation
D3-ACH
Application Configuration Hardening
D3-DRA
Disable Remote Access
D3-DENCR
Disk Encryption
D3-BA
Bootloader Authentication
D3-CP
Certificate Pinning
D3-CS
Credential Scrubbing
D3-DLV
Domain Logic Validation
D3-HBWP
Hardware-based Write Protection
D3-SCH
Source Code Hardening
D3-TL
Trusted Library
D3-VI
Variable Initialization
D3-BMA
Bus Message Authentication
D3-CFI
Control Flow Integrity
D3-DCE
Dead Code Elimination
D3-DLIC
Driver Load Integrity Checking
D3-EHPV
Exception Handler Pointer Validation
D3-IRV
Integer Range Validation
D3-MAN
Message Authentication
D3-MBSV
Memory Block Start Validation
D3-MENCR
Message Encryption
D3-MH
Message Hardening
D3-NPC
Null Pointer Checking
D3-OLV
Operational Logic Validation
D3-PAN
Pointer Authentication
D3-PEH
Physical Enclosure Hardening
D3-PV
Pointer Validation
D3-RN
Reference Nullification
D3-TAAN
Transfer Agent Authentication
D3-TBI
TPM Boot Integrity
D3-VTV
Variable Type Validation

DETDetect0 techniques

ISOIsolate0 techniques

DECDeceive11 techniques

D3-DO
Decoy Object
D3-DF
Decoy File
D3-DUC
Decoy User Credential
D3-DNR
Decoy Network Resource
D3-CHN
Connected Honeynet
D3-DE
Decoy Environment
D3-IHN
Integrated Honeynet
D3-SHN
Standalone Honeynet
D3-DP
Decoy Persona
D3-DPR
Decoy Public Release
D3-DST
Decoy Session Token

EVIEvict0 techniques

RESRestore12 techniques

D3-RO
Restore Object
D3-RF
Restore File
D3-RC
Restore Configuration
D3-RA
Restore Access
D3-RS
Restore Software
D3-RD
Restore Database
D3-RIC
Reissue Credential
D3-RUAA
Restore User Account Access
D3-ULA
Unlock Account
D3-RNA
Restore Network Access
D3-RE
Restore Email
D3-RDI
Restore Disk Image
Sourced from MITRE D3FEND ontology. Cross-walks ingested via the D3FEND CSV feed. Curated by Adam Lundqvist, Founder at SQUR.
D3FEND defensive matrix | SQUR Knowledge Base