The MITRE corporation’s ATT&CK and Shield matrixes are knowledge bases that security organizations can use to improve defenses. Where MITRE ATT&CK documents adversary techniques to aid security teams in understanding what they entails and what artifacts it generates, MITRE Shield is for defenders to understands the techniques used to implement an active defense against attackers.
Most security solutions cover the MITRE ATT&CK tactics in the early or later parts of the attack cycle. While the Attivo Networks ThreatDefend platform provides coverage across 11 of the 12 tactics in MITRE ATT&CK, it provides the most coverage for those that occur post-compromise – Credential Access, Discovery, Lateral Movement, Collection. These stages are where adversaries spend most of their time after they evade defenses and borrow deeper into the network, and where traditional security controls struggle to detect their activity. With the ThreatDefend platform, organizations gain visibility and detection into these tactics early in the attack cycle, displayed within the dashboard and the event views.
With the MITRE Shield knowledge base, the emphasis is on tactics the defender can implement to engage adversaries and implement an active defense. The ThreatDefend platform provides the most extensive coverage for MITRE Shield, covering 27 of the 33 techniques listed across all 8 tactics and over 120 documented use cases.
Organizations seeking to implement security based on MITRE Shield can gain immense value by implementing the ThreatDefend platform as part of an active defense.
The MITRE Shield knowledge base captures and organizes information about active defense and adversary engagement. It lists techniques that defenders can use to implement an active defense, organized into 8 categories of tactics. The detail page for each technique provides information about which tactics it supports, what opportunities are available based on adversary TTPs, as well as use cases and procedures to prompt implementation discussions.