Active Defense Matrix

The Shield matrix consists of the following core components:

  • Tactics, denoting what the defender is trying to accomplish (the columns).
  • Techniques, describing how the defense achieves the tactic(s) (the individual cells).
| Channel | Collect | Contain | Detect | Disrupt | Facilitate | Legitimize | Test |
|---|---|---|---|---|---|---|---|
| Admin Access | API Monitoring | Admin Access | API Monitoring | Admin Access | Admin Access | Application Diversity | Admin Access |
| API Monitoring | Application Diversity | Baseline | Application Diversity | Application Diversity | Application Diversity | Burn-In | API Monitoring |
| Application Diversity | Backup and Recovery | Decoy Account | Behavioral Analytics | Backup and Recovery | Behavioral Analytics | Decoy Account | Application Diversity |
| Decoy Account | Decoy Account | Decoy Network | Decoy Account | Baseline | Burn-In | Decoy Content | Backup and Recovery |
| Decoy Content | Decoy Content | Detonate Malware | Decoy Content | Behavioral Analytics | Decoy Account | Decoy Credentials | Decoy Account |
| Decoy Credentials | Decoy Credentials | Hardware Manipulation | Decoy Credentials | Decoy Content | Decoy Content | Decoy Diversity | Decoy Content |
| Decoy Network | Decoy Network | Isolation | Decoy Network | Decoy Credentials | Decoy Credentials | Decoy Network | Decoy Credentials |
| Decoy Persona | Decoy System | Migrate Attack Vector | Decoy System | Decoy Network | Decoy Diversity | Decoy Persona | Decoy Diversity |
| Decoy Process | Detonate Malware | Network Manipulation | Email Manipulation | Email Manipulation | Decoy Persona | Decoy Process | Decoy Network |
| Decoy System | Email Manipulation | Security Controls | Hunting | Hardware Manipulation | Decoy System | Decoy System | Decoy Persona |
| Detonate Malware | Network Diversity | Software Manipulation | Isolation | Isolation | Network Diversity | Network Diversity | Decoy System |
| Migrate Attack Vector | Network Monitoring | | Network Manipulation | Network Manipulation | Network Manipulation | Pocket Litter | Detonate Malware |
| Network Diversity | PCAP Collection | | Network Monitoring | Security Controls | Peripheral Management | | Migrate Attack Vector |
| Network Manipulation | Peripheral Management | | PCAP Collection | Standard Operating Procedure | Pocket Litter | | Network Diversity |
| Peripheral Management | Protocol Decoder | | Pocket Litter | User Training | Security Controls | | Network Manipulation |
| Pocket Litter | Security Controls | | Protocol Decoder | Software Manipulation | Software Manipulation | | Peripheral Management |
| Security Controls | System Activity Monitoring | | Standard Operating Procedure | | | | Pocket Litter |
| Software Manipulation | Software Manipulation | | System Activity Monitoring | | | | Security Controls |
| | | | User Training | | | | Software Manipulation |
| | | | Software Manipulation | | | | |