MITRE D3FEND Framework

D3FEND Learning Hub

Master defensive countermeasures with the MITRE D3FEND framework. Learn practical techniques to defend against adversary attacks.

7Defensive Tactics
31Techniques
7Free Access
View Official D3FEND Matrix
Purple Team Ready

D3FEND techniques are mapped to ATT&CK attacks. Explore the Purple Team Matrix to see how defenses counter specific threats.

The 7 D3FEND Defensive Tactics

Model
Map assets, vulnerabilities, and dependencies to...
Harden
Strengthen systems and reduce the attack...
Detect
Identify adversary activity and potential threats...
Isolate
Contain threats and restrict access by...
Deceive
Deploy honeypots, decoys, and misdirection to...
Evict
Remove adversary presence from compromised systems...
Restore
Return systems to a known good...

D3FEND Matrix

Featured (Free)
Premium
Asset Inventory
D3-AM
Asset Vulnerability Enumeration
D3-AVE
Data Inventory
D3-DM
System Dependency Mapping
D3-SYSM
Access Control List Hardening
D3-ACL
Credential Hardening
D3-CH
Application Security Hardening
D3-ASH
Operating System Hardening
D3-OSH
Patch Management
D3-PM
Network Traffic Analysis
D3-NTA
Process Spawn Analysis
D3-PHDM
File Content Analysis
D3-FCA
Authentication Event Monitoring
D3-ANET
System File Analysis
D3-SFA
User Geolocation Logon Pattern Analysis
D3-UGLPA
Network Isolation
D3-NI
Execution Isolation
D3-EI
Host-Based Process Isolation
D3-HBPI
DNS Allowlisting
D3-DNSAL
Decoy Token Deployment
D3-DTP
Decoy Honeypot
D3-DHN
Decoy File
D3-DF
DNS Sinkhole
D3-DNS-D
Credential Rotation
D3-CR
Process Termination
D3-PT
Account Locking
D3-AL
Network Traffic Filtering
D3-NTF
Backup and Recovery
D3-BU
System Rebuild
D3-SYSRB
Restore Service from Disaster Recovery
D3-RSDW
File Integrity Monitoring Restoration
D3-FIM

Featured Techniques

Start with these essential defensive techniques, one from each D3FEND tactic.

ModelD3-AM

Asset Inventory

Maintain a comprehensive inventory of hardware, software, and data assets to understand what needs protection and identify unauthorized assets.

Counters 3 ATT&CK techniques
HardenD3-ACL

Access Control List Hardening

Implement and maintain access control lists to restrict unauthorized access to systems, networks, and data.

Counters 3 ATT&CK techniques
DetectD3-NTA

Network Traffic Analysis

Monitor and analyze network traffic patterns to identify malicious activity, data exfiltration, and command-and-control communications.

Counters 4 ATT&CK techniques
IsolateD3-NI

Network Isolation

Segment networks to contain threats and limit lateral movement by restricting communications between zones.

Counters 3 ATT&CK techniques
DeceiveD3-DTP

Decoy Token Deployment

Deploy fake credentials, API keys, and tokens that alert when accessed by adversaries.

Counters 3 ATT&CK techniques
EvictD3-CR

Credential Rotation

Rotate compromised or potentially compromised credentials to deny adversary access.

Counters 3 ATT&CK techniques
RestoreD3-BU

Backup and Recovery

Maintain and test backups to enable recovery from ransomware, data loss, and system compromise.

Counters 3 ATT&CK techniques

Master Purple Team Defense

Combine your knowledge of ATT&CK attacks and D3FEND defenses in our comprehensive Purple Team Detection Engineering course.

Unlock All Defensive Techniques

Premium members get full access to all 31 D3FEND techniques, implementation guidance, AI-powered recommendations, and Purple Team exercises.