Monday, 23 November 2020 08:57

How MITRE Shield helps organisations develop a better deception and concealment strategy

By Jim Cook, Attivo Networks
Jim Cook, ANZ Regional Director Attivo Networks Jim Cook, ANZ Regional Director Attivo Networks

GUEST OPINION by Jim Cook, ANZ Regional Director, Attivo Networks: In today’s hyper-connected business world, maintaining effective IT security is a complex task. New cyber threats are constantly emerging, and the risk of disruption and loss has never been higher. With this challenge in mind, the US-based MITRE Corporation recently unveiled a new knowledge base designed to help organisations better understand security risks and the steps they can take to counter them.

The not-for-profit organisation, best know for its ATT&CK® matrix, has been working with government and private-sector firms for more than 60 years. Its new knowledge base, dubbed Shield, is designed to help defenders understand their cybersecurity options and take proactive steps to defend their data and assets. Among the most common recommended techniques are cyber-deception and concealment technologies, and both feature extensively in the new Shield matrix.

The features of MITRE Shield

In essence, MITRE Shield is a freely available knowledge base that comprises information on common security techniques and tactics. More specifically, it is a guide to creating an Active Defence strategy based on adversary engagement and covers topics such as how adversaries mount attacks, the tools they use, what they do after they establish a beachhead, and their ultimate goals.

Like the widely used ATT&CK matrix, Shield is presented in a tabular format, featuring eight tactics and a wide range of techniques mapped to specific use cases. Shield helps organisations counter known attack patterns and assists defenders to better prepare for future attacks. In all, Shield covers 33 techniques and 190 use cases.

Rather than a defender merely focusing on detecting and removing attackers from a network, Shield recommends an active defense strategy. The matrix highlights the fact that there is much to learn from attackers, and actively and safely engaging them can create valuable learning opportunities.

Since deception technology is an active defence technology known for its effectiveness in engaging attackers, Shield spends a considerable amount of time and effort on deception tactics and principles.

Deception and concealment

Deception and concealment technologies distinguish themselves from other active defence measures by going beyond decoy techniques to achieve attack prevention and detection. Deception proactively diverts attackers away from their targets using lures and other false information, guiding them toward decoys. Meanwhile, concealment performs the allied task of hiding real objects so that an attacker cannot even see them.

These strategies align nicely with the tactics outlined in the MITRE Shield matrix. The matrix breaks the tactics into eight buckets:

  • Channel: A deception tactic can channel adversaries away from important systems and toward decoy, wasting their time and resources and derailing the attack
  • Collect: Defenders can use deceptive techniques to study an attacker, gathering intelligence on their behaviours and tactics
  • Contain: When engaging with a deception environment, attacker activities remain contained within the specific bounds of the environment and away from production assets
  • Detect: Unlike perimeter defences, deception technology detects intruders inside a network, capturing adversary tactics, techniques, and procedures
  • Disrupt: Feeding deceptive content to attackers will disrupt their ability to accomplish their goals
  • Facilitate: Deception helps facilitate an attack along specific lines, leading the attackers to believe that they have accomplished a part of their mission by creating a “vulnerable” decoy
  • Legitimise: Deception makes attackers believe that the decoys, lures, and misdirections are real.
  • Test: Engaging with attackers means testing them to determine their interests, capabilities, and behaviours to stop current and prevent future attacks.

Of the 33 defence techniques covered within these eight tactics categories, deception and concealment technology address 27 of them, while deception alone covers around ten. This difference underscores the importance of concealment for not just deceiving intruders but denying them access to the data and assets they seek. They cannot steal or encrypt what they cannot see.

Deception and concealment strategies have evolved from being things that are ‘nice’ to have into essential components. Guided by MITRE shield, organisations can be more effective in putting them in place and enjoying the security benefits they can deliver.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments