Introducing MITRE D3FEND
I have found that since we adopted the MITRE ATT&CK framework for much of the red team work we do here at Security Compass Advisory, and after talking to other people in the industry, it has significantly changed the way we can communicate our findings. It has added structure and many other positive traits.
Now, with MITRE D3FEND, the blue team side has a corresponding framework. I was curious to know if it would fill a gap for our defender counterparts. Ismael agreed that “the community needs more of this, absolutely.” There’s a lack of information out there on what makes a good defender and what defensive measures an organization should take.
“When I started in security, I started as a pen tester just because it’s cool, being paid for hacking into other organizations and breaking things,” Ismael said. “But at some point I realized that the value is in having that knowledge, those skills, and then using them to defend the organization against the bad guys.”
Easier said than done, of course. “That’s where a lot of people are truly, truly struggling,” Ismael said, “because it’s hard and it’s not just about the tools. It’s about the mindset. It’s about the strategy, the tactics. So I think this is a good step in the right direction.”
For Ismael, getting the connection right is his passion. “I like to tell people, ‘think red, act blue.’ That’s my philosophy. Think as an attacker, as a red teamer, but to be a better defender.”
A big thank you to Ismael for joining us and lending his insight on the world of blue teaming. You can find him on Twitter or teaching webinars and live sessions for SANS and others.