Shield is a verb meaning to protect from a danger or risk, as well as a noun, meaning one that protects or defends. Like the word, our Shield knowledge base can be used in a variety of ways depending on a defender’s exact need.
This project began as the team documented techniques that could be useful in adversary engagement operations. MITRE has a rich history of work in cyber deception and adversary engagement, so for the team, creating this knowledge base was a natural progression.
To be successful at deception and adversary engagement, you must use basic cyber defense techniques such as collecting system and network logs and PCAP, performing data backups, etc.
Opportunity Spaces are high-level active defense possibilities that arise when attackers employ their techniques, while Use Cases are high-level descriptions of how a defender could take advantage of the opportunity that the attacker's action presents.
We see the possibility of a future enhancement in this area. If you would find this to be useful or would like to contribute to this effort, please contact us.
All of the data used to generate this website can be found on our GitHub repo. The JSON data specifically can be found in the _data folder.