Monday, 23 November 2020 08:57

How MITRE Shield helps organisations develop a better deception and concealment strategy

Jim Cook, ANZ Regional Director, Attivo Networks

GUEST OPINION by Jim Cook, ANZ Regional Director, Attivo Networks: In today’s hyper-connected business world, maintaining effective IT security is a complex task. New cyber threats are constantly emerging, and the risk of disruption and loss has never been higher. With this challenge in mind, the US-based MITRE Corporation recently unveiled a new knowledge base designed to help organisations better understand security risks and the steps they can take to counter them.

The not-for-profit organisation, best known for its ATT&CK® matrix, has been working with government and private-sector firms for more than 60 years. Its new knowledge base, dubbed Shield, is designed to help defenders understand their cybersecurity options and take proactive steps to defend their data and assets. Among the most common recommended techniques are cyber-deception and concealment technologies, and both feature extensively in the new Shield matrix.

The features of MITRE Shield

In essence, MITRE Shield is a freely available knowledge base that comprises information on common security techniques and tactics. More specifically, it is a guide to creating an Active Defence strategy based on adversary engagement and covers topics such as how adversaries mount attacks, the tools they use, what they do after they establish a beachhead, and their ultimate goals.

Like the widely used ATT&CK matrix, Shield is presented in a tabular format, featuring eight tactics and a wide range of techniques mapped to specific use cases. Shield helps organisations counter known attack patterns and assists defenders to better prepare for future attacks. In all, Shield covers 33 techniques and 190 use cases.

Rather than having defenders focus merely on detecting and removing attackers from a network, Shield recommends an active defence strategy. The matrix highlights the fact that there is much to learn from attackers, and actively and safely engaging them can create valuable learning opportunities.

Since deception technology is an active defence technology known for its effectiveness in engaging attackers, Shield spends a considerable amount of time and effort on deception tactics and principles.

Deception and concealment

Deception and concealment technologies distinguish themselves from other active defence measures by going beyond decoy techniques to achieve attack prevention and detection. Deception proactively diverts attackers away from their targets using lures and other false information, guiding them toward decoys. Meanwhile, concealment performs the allied task of hiding real objects so that an attacker cannot even see them.

These strategies align nicely with the tactics outlined in the MITRE Shield matrix. The matrix breaks the tactics into eight buckets:

  • Channel: A deception tactic can channel adversaries away from important systems and toward decoys, wasting their time and resources and derailing the attack.
  • Collect: Defenders can use deceptive techniques to study an attacker, gathering intelligence on their behaviours and tactics.
  • Contain: When engaging with a deception environment, attacker activities remain contained within the specific bounds of the environment and away from production assets.
  • Detect: Unlike perimeter defences, deception technology detects intruders inside a network, capturing adversary tactics, techniques, and procedures.
  • Disrupt: Feeding deceptive content to attackers will disrupt their ability to accomplish their goals.
  • Facilitate: Deception helps facilitate an attack along specific lines, leading the attackers to believe that they have accomplished a part of their mission by creating a “vulnerable” decoy.
  • Legitimise: Deception makes attackers believe that the decoys, lures, and misdirections are real.
  • Test: Engaging with attackers means testing them to determine their interests, capabilities, and behaviours to stop current and prevent future attacks.

Of the 33 defence techniques covered within these eight tactic categories, deception and concealment technologies together address 27 of them, while deception alone covers around ten. This difference underscores the importance of concealment for not just deceiving intruders but denying them access to the data and assets they seek. They cannot steal or encrypt what they cannot see.

Deception and concealment strategies have evolved from being things that are ‘nice’ to have into essential components. Guided by MITRE Shield, organisations can be more effective in putting them in place and enjoying the security benefits they can deliver.
