The MITRE Corporation’s ATT&CK and Shield matrices are knowledge bases that organizations can use to improve their defenses. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. MITRE Shield is an active defense knowledge base that MITRE is developing to capture and organize what is being learned about active defense and adversary engagement.
Most security solutions cover the MITRE ATT&CK tactics in the early or later parts of the attack cycle. While the Attivo Networks ThreatDefend platform provides coverage across 11 of the 12 tactics in MITRE ATT&CK, it provides the most coverage for those that occur post-compromise: Credential Access, Discovery, Lateral Movement, and Collection. These stages are where adversaries spend most of their time after they evade defenses and burrow deeper into the network, and where traditional security controls struggle to detect their activity. With the ThreatDefend platform, organizations gain visibility into and detection of these tactics early in the attack cycle, with the results displayed in the dashboard and the event views.
With the MITRE Shield knowledge base, the emphasis is on tactics the defender can use to engage adversaries and implement an active defense. The ThreatDefend platform provides the most extensive coverage for MITRE Shield, covering 27 of the 33 techniques listed across all 8 tactics and over 120 documented use cases.
Organizations seeking to implement security based on MITRE Shield can gain immense value by implementing the ThreatDefend platform as part of an active defense.
The MITRE Shield knowledge base captures and organizes information about active defense and adversary engagement. It lists techniques that defenders can use to implement an active defense, organized into 8 categories of tactics. The detail page for each technique describes which tactics it supports, what opportunities it offers based on adversary TTPs, and the use cases and procedures that can prompt implementation discussions.