The MITRE Corporation has taken the wraps off a knowledge base of common techniques and tactics that can be used by defenders to keep their networks and assets safe.
The publicly available, free resource, called MITRE Shield, is aimed at cyber experts seeking active cyber defense and, like MITRE ATT&CK, presents a series of active defense concepts.
“Shield has been pulled out of the work of MITRE over the past 10 years to observe and engage adversaries in defense of our own network. It spans the range of big picture opportunities and goals that chief information security officers (CISOs) might want to consider to practitioner-friendly tactics, techniques, and procedures,” explains MITRE.
The newly released knowledge base mainly outlines security techniques for deception and for engaging adversaries. Using both ATT&CK and MITRE Shield, defenders can create active defense playbooks that would help them address specific adversaries, MITRE says.
The resource is being developed as both unstructured and structured data, with the initial version focusing on structured elements, according to MITRE. MITRE Shield is not complete, but should serve as a starting point for discussion on adversary interaction, active defense and how defenders will benefit from it.
“We hope it will be a good addition to the collection of ways ATT&CK can be used to map Shield to ATT&CK. Using them in tandem will help advocates better understand enemy actions and intentions, and suggest ways the defender can mount a more active defense,” says Christina Fowler, MITRE’s chief strategist for cyber intelligence.
According to MITRE, the main idea behind releasing Shield is to receive the opinions of others about the work, to broaden the knowledge base. In the coming months the data model will be tweaked and additional content is expected to be added as well, the non-profit organization reveals.
MITRE also notes that Shield is meant to evolve continuously, and that the project might never actually be completed because the subject of defense is almost infinite. The knowledge base, however, is expected to help organizations strengthen their active defense solutions.