MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up
Category: Industry News / Research & Tools
MITRE signaled that ATT&CK v18 will deprecate the Defense Evasion tactic, splitting it into Stealth and Impair Defenses. The overhaul will re‑categorize techniques, refine others (e.g., Process Injection), and remove outdated buckets (e.g., Modify Registry), requiring SOC mapping and vendor updates.
CORTEX Protocol Intelligence Assessment
Business Impact: Significant taxonomy changes may break detections and reporting until content is remapped.
Technical Context: New tactics emphasize adversary goals vs. catch‑all behaviors.
Strategic Intelligence Guidance
- Export current ATT&CK mappings and plan bulk updates.
- Engage vendors on v18 support timelines.
- Create translation layers for historical analytics.
- Re‑validate coverage for stealth/impair strategies.
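A sketch of the translation layer from the guidance above, as an added example that is not taken from MITRE or the source article. It retags exported detection rules, keeps the old tactic label for historical analytics, and flags rules with no decided mapping. The technique IDs, rule names, tactic slugs for the new tactics and the technique-to-tactic table are constructed placeholders, not the v18 assignments.

```python
from collections import Counter

OLD_TACTIC = "defense-evasion"

# ASSUMPTION: constructed placeholder table, NOT MITRE's v18 mapping.
# Populate it from the official v18 release data before relying on it.
V18_TACTIC_BY_TECHNIQUE = {
    "T-EXAMPLE-1": "stealth",
    "T-EXAMPLE-2": "impair-defenses",
}

# Constructed sample of an exported rule-to-ATT&CK mapping.
SAMPLE_RULES = [
    {"rule": "rule-a", "technique": "T-EXAMPLE-1", "tactics": ["defense-evasion"]},
    {"rule": "rule-b", "technique": "T-EXAMPLE-2",
     "tactics": ["defense-evasion", "persistence"]},
    {"rule": "rule-c", "technique": "T-EXAMPLE-3", "tactics": ["defense-evasion"]},
    {"rule": "rule-d", "technique": "T-EXAMPLE-4", "tactics": ["execution"]},
]

def translate(rule, table=V18_TACTIC_BY_TECHNIQUE):
    """Return a retagged copy; the pre-v18 tags survive in legacy_tactics."""
    out = dict(rule, tactics=list(rule["tactics"]),
               legacy_tactics=list(rule["tactics"]), needs_review=False)
    if OLD_TACTIC not in rule["tactics"]:
        return out
    new_tactic = table.get(rule["technique"])
    if new_tactic is None:
        # No decision yet: keep the old label so the rule stays reportable.
        out["needs_review"] = True
        return out
    swapped = [new_tactic if t == OLD_TACTIC else t for t in rule["tactics"]]
    out["tactics"] = list(dict.fromkeys(swapped))  # de-duplicate, keep order
    return out

def coverage(rules):
    """Count rules per tactic, for before/after coverage comparison."""
    return dict(Counter(t for r in rules for t in r["tactics"]))

def remap_report(rules):
    translated = [translate(r) for r in rules]
    return {
        "rules": translated,
        "review": [r["rule"] for r in translated if r["needs_review"]],
        "before": coverage(rules),
        "after": coverage(translated),
    }

if __name__ == "__main__":
    report = remap_report(SAMPLE_RULES)
    print("needs analyst review:", report["review"])
    print("coverage before:", report["before"])
    print("coverage after: ", report["after"])
```

Because `legacy_tactics` is preserved on every rule, dashboards built on the pre-v18 taxonomy can keep querying the old label while new reporting uses `tactics`.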
Intelligence Source: MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up - Security Boulevard | Oct 22, 2025