Decider tool makes MITRE ATT&CK^® More Accessible for Network Defenders

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), has released Decider, a tool for mapping adversary behavior to the MITRE ATT&CK^® framework. HSSEDI is a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security. HSSEDI worked with MITRE’s ATT&CK team to develop Decider.

A companion to the recently updated Best Practices for MITRE ATT&CK^® Mapping Guide, Decider helps network defenders, analysts, and researchers quickly and accurately map adversary tactics, techniques, and procedures (TTPs) to ATT&CK.

Decider makes ATT&CK mapping more accessible by walking users through a series of guided questions about adversary activity. The new tool helps cyber defenders determine correct tactics, techniques, or sub-techniques that then inform a range of important activities such as sharing the findings, discovering mitigations, and detecting further techniques.

“The ATT&CK Framework is a proven approach to help organizations more effectively prioritize cybersecurity controls and mitigations that actively reduce the prevalence and impact of intrusions,” said Eric Goldstein, executive assistant director for cybersecurity, CISA. “We are excited to continue our partnership with HSSEDI and MITRE in offering the Decider tool to better guide ATT&CK mapping and help the cybersecurity community accurately understand adversary activities and make well-informed decisions that raise our collective defense.”

“We are proud to partner with CISA to help cyber defenders take a more adversary informed approach to protecting their networks,” said Yosry Barsoum, vice president and director, Center for Securing the Homeland at MITRE. “With Decider, the greater cyber community will be better equipped to use ATT&CK.”

Decider is a web application that must be hosted to be used. Organizations can host Decider internally to save and share customized mappings, questions, answers, and users per install. CISA does not offer access to a running instance of Decider. Decider is currently compatible with Enterprise ATT&CK versions 11.0 and 12.0.

Visit the CISA GitHub site to download Decider. To learn more about the capabilities of this tool, refer to CISA’s technical blog. For more on identifying and countering adversary behavior, see Best Practices for MITRE ATT&CK® Mapping.

About CISA

As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information.

About HSSEDI

The Homeland Security Systems Engineering and Development Institute (HSSEDI) drives discoveries that improve our nation’s safety and make our institutions more resilient in the face of threats. Since 2009, The MITRE Corporation has operated HSSEDI serving as a national resource and objective adviser for accelerating homeland security impact.

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and as an operator of federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. Learn more at mitre.org.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230301005251/en/