Prevent an adversary from conducting part or all of their mission.
Disrupt is used to prevent or discourage an adversary from conducting part or all of their mission. This may include increasing the time or skills needed to accomplish a specific task or by tightening controls so that more steps need to be taken.
Technique | Description |
---|---|
DTE0001 - Admin Access | Modify a user's administrative privileges. |
DTE0004 - Application Diversity | Present the adversary with a variety of installed applications and services. |
DTE0005 - Backup and Recovery | Make copies of key system software, configuration, and data to enable rapid system restoration. |
DTE0006 - Baseline | Identify key system elements to establish a baseline and be prepared to reset a system to that baseline when necessary. |
DTE0007 - Behavioral Analytics | Deploy tools that detect unusual system or user behavior. |
DTE0011 - Decoy Content | Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc. |
DTE0012 - Decoy Credentials | Create user credentials that are used for active defense purposes. |
DTE0014 - Decoy Network | Create a target network with a set of target systems, for the purpose of active defense. |
DTE0019 - Email Manipulation | Modify the flow or contents of email. |
DTE0020 - Hardware Manipulation | Alter the hardware configuration of a system to limit what an adversary can do with the device. |
DTE0022 - Isolation | Configure devices, systems, networks, etc. to contain activity and data in order to promote inspection or prevent expanding an engagement beyond desired limits. |
DTE0026 - Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
DTE0032 - Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
DTE0033 - Standard Operating Procedure | Establish a structured way of interacting with systems so that non-standard interactions are more easily detectable. |
DTE0035 - User Training | Train users to detect malicious intent or activity, how to report it, etc. |
DTE0036 - Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. |