MITRE launched MITRE Engage, a framework for communicating and planning cyber adversary engagement, deception, and denial activities.
Informed by adversary behavior observed in the real world, Engage helps chief information security officers (CISOs), cyber defenders, and vendors to implement defense strategies.
Adversary engagement and deception operations can cut the cost of a data breach in half, waste an adversary’s time, and make attackers easier to detect. Engage maps to the MITRE ATT&CK framework, which enables practitioners to quickly identify an attacker’s vulnerabilities when using a specific ATT&CK technique and how to take advantage of those vulnerabilities.
“Engage is about empowering the cyber defense community,” said Maretta Morovitz, MITRE Engage lead. “Every day, adversaries launch cyber attacks. Some will always slip through. Taller walls aren’t the complete solution. We need to stop what we can and be prepared to engage with the ones who make it through. With traditional cyber defense, the adversary only needs to be right once, but with cyber deception, the adversary only needs to be wrong once.”
Building upon MITRE’s Shield framework and more than 10 years of operational experience, Engage defines a common terminology for the cyber defense community. More than a matrix, the Engage toolkit featured on the website also includes a guidebook, starter kit, worksheets, posters, and other resources to decrease planning obstacles while increasing expertise. CISOs can use Engage to create a strategy for protecting the company, defenders can use it to implement that strategy, and vendors can use it to align their products with their users’ goals.
In the past year, MITRE ran a series of focus groups with vendors, defenders, and CISOs to solicit feedback and insight into Engage’s development. MITRE also runs regular adversary engagement operations to inform and drive the resources it publishes on the Engage website. And MITRE continues to gather the community’s thoughts and feedback about how Engage can help defenders.
“Engage goes beyond a framework. It delves deep and wide into the entire process of adversary engagement, from planning to analyzing,” said Morovitz. “Plus, as we grow the Engage community, we can continually improve and mature our research in defending against cyber threats.”