D3FEND 1.0 brings structured security graphs
Armed with drag‑and‑drop nodes and an ‘explode’ feature, the new CAD tool empowers teams to visualise complex cyber scenarios methodically.
MITRE has unveiled its new Cyber Attack–Defense (CAD) tool as part of the D3FEND 1.0 release, offering security teams a structured way to model and counter cyber threats.
The browser‑based interface lets users build ‘D3FEND Graphs’—knowledge graphs grounded in a rich cybersecurity ontology—instead of relying on ad hoc PowerPoint diagrams.
Graph components include Attack nodes (tied to MITRE ATT&CK techniques), Countermeasure nodes (D3FEND defensive measures) and Digital Artifact nodes (elements from the D3FEND artifact ontology).
A drag‑and‑drop canvas enables rapid scene‑setting, while an ‘explode’ feature reveals related attack paths, defences or artefacts drawn from the ontology’s knowledge base.
Organisations can apply the CAD tool across threat intelligence, security engineering, detection scenario planning, incident investigation and risk assessments.
Exports in JSON, TTL or PNG support collaboration, and STIX 2.1 import ensures seamless threat data integration. Users may also extend the underlying ontology to capture emerging techniques.
Built in partnership with the NSA and various defence departments, D3FEND 1.0 and its CAD tool establish a common vocabulary and conceptual framework for cybersecurity operations.
As threats grow ever more complex, a methodical, semantically rigorous approach to modelling defences is set to become indispensable.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.
