Active Defense Matrix

The Shield matrix consists of the following core components:

  • Tactics, denoting what the defender is trying to accomplish (the columns).
  • Techniques, describing how the defense achieves the tactic(s) (the individual cells).
ChannelCollectContainDetectDisruptFacilitateLegitimizeTest
Admin AccessAPI MonitoringAdmin AccessAPI MonitoringAdmin AccessAdmin AccessApplication DiversityAdmin Access
API MonitoringApplication DiversityBaselineApplication DiversityApplication DiversityApplication DiversityBurn-InAPI Monitoring
Application DiversityBackup and RecoveryDecoy AccountBaselineBackup and RecoveryBehavioral AnalyticsDecoy AccountApplication Diversity
Decoy AccountDecoy AccountDecoy NetworkBehavioral AnalyticsBaselineBurn-InDecoy Content Backup and Recovery
Decoy Content Decoy Content Detonate MalwareDecoy AccountBehavioral AnalyticsDecoy AccountDecoy CredentialsDecoy Account
Decoy CredentialsDecoy CredentialsHardware ManipulationDecoy Content Decoy Content Decoy Content Decoy DiversityDecoy Content
Decoy DiversityDecoy NetworkIsolationDecoy CredentialsDecoy CredentialsDecoy CredentialsDecoy NetworkDecoy Credentials
Decoy NetworkDecoy SystemMigrate Attack VectorDecoy DiversityDecoy NetworkDecoy DiversityDecoy PersonaDecoy Diversity
Decoy PersonaDetonate MalwareNetwork ManipulationDecoy NetworkEmail ManipulationDecoy PersonaDecoy ProcessDecoy Network
Decoy ProcessEmail ManipulationSecurity ControlsDecoy PersonaHardware ManipulationDecoy SystemDecoy SystemDecoy Persona
Decoy SystemHuntingSoftware ManipulationDecoy SystemIsolationNetwork DiversityNetwork DiversityDecoy System
Detonate MalwareNetwork DiversityEmail ManipulationNetwork ManipulationNetwork ManipulationPocket LitterDetonate Malware
Migrate Attack VectorNetwork MonitoringHuntingSecurity ControlsPeripheral ManagementMigrate Attack Vector
Network DiversityPCAP CollectionIsolationStandard Operating ProcedurePocket LitterNetwork Diversity
Network ManipulationPeripheral ManagementNetwork ManipulationUser TrainingSecurity ControlsNetwork Manipulation
Peripheral ManagementProtocol DecoderNetwork MonitoringSoftware ManipulationSoftware ManipulationPeripheral Management
Pocket LitterSecurity ControlsPCAP CollectionPocket Litter
Security ControlsSystem Activity MonitoringPocket LitterSecurity Controls
Software ManipulationSoftware ManipulationProtocol DecoderSoftware Manipulation
Standard Operating Procedure
System Activity Monitoring
User Training
Software Manipulation