Active Defense

Implementing MITRE Shield at Scale

Introducing a software platform that activates MITRE ATT&CK® and MITRE Shield

The SolarWinds breach proves attackers have achieved next-level stealth, entering and executing in a way that’s invisible to even the most robust conventional technology. The time has come for Active Defense.

Active Defense is the employment of limited offensive action and counterattacks to deny a position to the enemy. Backed by more than 10 years of adversary engagement experience, MITRE introduced Shield, a knowledgebase of tactics and techniques that help you counter current attacks while you learn about your adversary to prepare for the future.

MITRE ATT&CK & Shield Activation

MITRE ATT&CK and Shield are important tools that need the support of production software in order to come together as a unified Active Defense solution.

  • 01
    Overcoming Complexity

    MITRE ATT&CK and MITRE Shield are complementary but complex resources. Limited integration leaves a considerable amount of analysis and mapping to convert insight into action.

    • ATT&CK visualization tools bring focus to relevant attack group TTPs
    • MITRE Shield maps to ATT&CK but ATT&CK does not map to Shield
    • Manual mapping is required to integrate both into a cohesive, aligned program
  • 02
    Attack Simulation & Active Defense – Working Together

    Built on MITRE ATT&CK, Breach and Attack Simulation (BAS) tools provide visibility into control gaps and vulnerabilities. ATT&CK mitigations recommend necessary but time-consuming projects that leave assets vulnerable until they are fully implemented.

    • BAS tools simulate attacks on existing assets, not Active Defense techniques
    • Mitigations take time, leaving assets vulnerable until they are implemented
    • Active Defense reduces risk ahead of mitigation
  • 03
    The Need for an Active Defense Platform

    Security lacks a platform that simulates attack scenarios against real Active Defense deployments for planning, testing and refinement. Spreadsheets and manual mapping fill the gap, which exposes serious scalability and flexibility limitations for Active Defense.

    • Active Defense is agile and dynamic by nature
    • A real-time platform for testing and refinement is essential for Shield activation
    • Static mapping prevents Shield from being more than a science experiment

Activating Active Defense

The industry’s first Active Defense Platform

  • Add MITRE ATT&CK context to active techniques

    TrapX adds MITRE ATT&CK context to high-fidelity alerts. Traps expose attacker techniques and sub-techniques active within your network. Lateral movement insight can be traced back to attack groups for an aligned Active Defense strategy.

  • Test Your Deception Environment

    TrapX Active Defense Scorecard (ADS) provides non-disruptive Deception environment testing against ATT&CK techniques and sub-techniques enabling you to visualize your trap coverage through a real-time heatmap.

  • Discover Gaps & Refine Your Techniques

    The Active Defense Scorecard (ADS), coupled with TrapX scanning and rapid deployment, provides a unique ability to discover assets, and deploy, test, and redeploy traps with minimal disruption.

  • An Integrated Solution for Vulnerability & Risk Management

    TrapX reduces risk by integrating with leading vulnerability management solutions to automate trap deployment based on asset discovery, vulnerability, and risk scoring.

Activating Active Defense

This paper outlines a strategy for unifying MITRE ATT&CK, MITRE Shield and Deception into a single solution for Active Defense.

Learn more about our unique approach to Deception

Discover why more than 300 global customers call TrapX "simple, powerful, and affordable."