Implementing MITRE Shield at Scale
Introducing a software platform that activates MITRE ATT&CK® and MITRE Shield
The SolarWinds breach proves attackers have achieved next-level stealth, entering and executing in a way that’s invisible to even the most robust conventional technology. The time has come for Active Defense.
Active Defense is the employment of limited offensive action and counterattacks to deny a position to the enemy. Backed by more than 10 years of adversary engagement experience, MITRE introduced Shield, a knowledgebase of tactics and techniques that help you counter current attacks while you learn about your adversary to prepare for the future.
MITRE ATT&CK & Shield Activation
MITRE ATT&CK and Shield are important tools that need the support of production software in order to come together as a unified Active Defense solution.
MITRE ATT&CK and MITRE Shield are complementary but complex resources. Limited integration between them leaves a considerable amount of analysis and mapping to be done before insight can be converted into action.
- ATT&CK visualization tools bring focus to relevant attack group TTPs
- MITRE Shield maps to ATT&CK but ATT&CK does not map to Shield
- Manual mapping is required to integrate both into a cohesive, aligned program
Attack Simulation & Active Defense – Working Together
Built on MITRE ATT&CK, Breach and Attack Simulation (BAS) tools provide visibility into control gaps and vulnerabilities. ATT&CK mitigations recommend necessary but time-consuming projects that leave assets vulnerable until they are fully implemented.
- BAS tools simulate attacks on existing assets, not Active Defense techniques
- Mitigations take time, leaving assets vulnerable until they are implemented
- Active Defense reduces risk ahead of mitigation
The Need for an Active Defense Platform
Security lacks a platform that simulates attack scenarios against real Active Defense deployments for planning, testing and refinement. Spreadsheets and manual mapping fill the gap, which exposes serious scalability and flexibility limitations for Active Defense.
- Active Defense is agile and dynamic by nature
- A real-time platform for testing and refinement is essential for Shield activation
- Static mapping prevents Shield from being more than a science experiment
Activating Active Defense
The industry’s first Active Defense Platform
Add MITRE ATT&CK context to active techniques
TrapX adds MITRE ATT&CK context to high-fidelity alerts. Traps expose attacker techniques and sub-techniques active within your network. Lateral movement insight can be traced back to attack groups for an aligned Active Defense strategy.
Test Your Deception Environment
TrapX Active Defense Scorecard (ADS) provides non-disruptive Deception environment testing against ATT&CK techniques and sub-techniques, enabling you to visualize your trap coverage through a real-time heatmap.
Discover Gaps & Refine Your Techniques
The Active Defense Scorecard (ADS), coupled with TrapX scanning and rapid deployment, provides a unique ability to discover assets, and deploy, test, and redeploy traps with minimal disruption.
An Integrated Solution for Vulnerability & Risk Management
TrapX reduces risk by integrating with leading vulnerability management solutions to automate trap deployment based on asset discovery, vulnerability, and risk scoring.