Shields Up: A Good Cyber Defense Is an Active Defense

August 2020
Topics: Cyber Resilience, Cybersecurity, Cyber Threat Intelligence
No one wants an adversary to penetrate their network. But when it happens, intrusion presents otherwise unavailable opportunities for cyber defenders. MITRE now offers a free resource for defenders who want to take the advantage with an active defense.

Good boxers are rarely passive. Rather than just standing still and absorbing punches, they study their opponent’s patterns to better counter the next attack. That same approach also applies to an effective cybersecurity strategy.

With this in mind, MITRE recently released a free resource for cyber experts who want to gain the advantage of engaging an active cyber defense.

MITRE Shield is a publicly available, free knowledge base of common techniques and tactics that can help experts take proactive steps to defend their networks and assets. MITRE Shield takes a similar approach to presenting active defense concepts as MITRE ATT&CK®, a framework that catalogs adversary behavior and is widely used throughout the cybersecurity industry.

Shield was culled from MITRE’s work over the past 10 years observing and engaging adversaries in defense of our own network. It spans the range from big-picture opportunities and objectives that chief information security officers (CISOs) may want to consider to practitioner-friendly tactics, techniques, and procedures.

Leveraging ATT&CK along with MITRE Shield offers the potential to create active defense playbooks to address specific adversaries.

“We hope mapping Shield to ATT&CK will be a good addition to the collection of ways ATT&CK can be used. Using them in tandem can help defenders better understand adversary behavior and engagements and suggest ways the defender can mount a more active defense,” says Christina Fowler, MITRE’s chief cyber intelligence strategist.

“This will help the cybersecurity community change the game from something reactive like Whack-A-Mole to something more strategic like chess.” 

The Foundation for an Active Defense

The initial version of the Shield knowledge base focuses on foundational security techniques for deception and adversary engagement.

“Adversary engagement isn’t something to shy away from,” says Bill Hill, MITRE chief information security official. “It can enable defenders to do things ranging from learning more about how attackers operate to capturing some of their tools.

“These activities can be employed for defensive benefit in the private sector, in government, and in cybersecurity products and services.”

MITRE plans to continuously evolve the knowledge base to help organizations build more sophisticated active defense solutions. Future versions will combine multiple techniques and procedures to create complex playbooks.


by Jeremy Singer
