MITRE Releases 'Shield' Active Defense Framework

Free knowledge base offers techniques and tactics for engaging with and better defending against network intruders.

MITRE Corp. has released a new guide cataloging measures that organizations can take to actively engage with and counter intruders on their networks.


Like MITRE's widely used ATT&CK framework, which offers a comprehensive listing of attacker behavior, the federally funded organization's new Shield is a publicly available knowledge base, this time of tactics and techniques for proactive defense.


The core focus is on informing security practitioners about adversary engagement — or interacting with cyber intruders and figuring out how to mount a more active defense against them, says Bill Hill, CISO at MITRE.


"When noninteractive defenses like patching, firewalls, IDSs, etc., fail or are completely circumvented, what can we learn and how can we improve?" he says. Adversary engagement is "learning about how our adversaries attack us, what tools they use, what they will do after they establish a beachhead on our systems, maybe even what they want from us."


MITRE's new Shield framework presents information in a matrix format, in a similar fashion to ATT&CK. The matrix consists of eight columns, each one listing a different tactic — such as detect, disrupt, contain, and collect — that security practitioners can use to defend against intruders on the network. The hyperlinked cells in the rows beneath each tactic describe the actual techniques that defenders can use to implement it.


For instance, the techniques listed in the individual cells under the "detect" column include API monitoring, behavioral analytics, email manipulation, and the creation of decoy accounts, networks, and creden ..
