Attivo Networks Covers 27 out of the 33 Defense Techniques Identified in MITRE Shield
September 2020 by Marc Jacob
Attivo Networks® announced that its solutions provide organizations with a vast majority – 82 percent – of the active defense measures presented in MITRE Shield. The ThreatDefend® Platform components – ADSecure™, BOTsink®, and Endpoint Detection Net (EDN) – represent the industry’s most comprehensive threat detection coverage, providing organizations with 27 of the 33 defensive techniques identified by MITRE. Additionally, these solutions provide an active defense for 123 of 190 MITRE Shield use cases.
According to the organization’s website, “MITRE Shield is a publicly available, free knowledge base of common techniques and tactics that can help experts take proactive steps to defend their networks and assets.” MITRE Shield presents active defense concepts in much the same way that MITRE ATT&CK® presents offensive ones, and leveraging them together enables organizations to create active defense playbooks to address specific adversaries.
Cyber deception is renowned for its ability to create an active defense. Unlike other forms of deception solutions, the Attivo ThreatDefend platform provides comprehensive attack prevention and detection capabilities that enable it to cover not only decoy techniques, but also a wide variety of other methods. The platform proactively diverts attackers away from their targets with fake information that misdirects them to decoys and, through denial of access, can conceal critical information such as Active Directory objects, data, and file storage systems and prevent an attacker from obtaining it. With the ability to control the path of the attacker into a decoy, defenders can gather the valuable insights that they need to understand their adversary’s tools and techniques, as well as intent.