Introducing MITRE Shield Adversary Group Mappings

Mike Goffin
Dec 1, 2020 · 2 min read

We built MITRE Shield to empower defenders against potential risks and attacks, as well as help them think creatively about the opportunities that are presented when an adversary uses a Tactic, Technique, or Procedure (TTP). We hope to encourage a conversation centered on active defense and how it can be used by defensive practitioners and organizations, regardless of their size or skill level.

To further this goal, we are happy to announce the addition of Adversary Group Mappings to the MITRE Shield knowledge base!

Utilizing MITRE ATT&CK® Groups, we have developed mappings for most ATT&CK Techniques that each adversary group is known to use, along with the corresponding Opportunities, Techniques, and Use Cases provided by Shield that map to each of them. These new groups can be found under the ATT&CK Mapping navigation menu item on the MITRE Shield website, which brings you to a listing of each Adversary Group and a link to its Group Details page.

Shield has also been updated to use the latest version of ATT&CK to bring in the Reconnaissance and Resource Development Tactics and new ATT&CK Techniques. We created new Shield ATT&CK mappings to go along with them!

With the new Groups mapping, defenders can now look at particular Adversary Groups and adapt specific active defense techniques to counter the TTPs that they use. Since Adversary Groups are constantly evolving their TTPs, we cannot become complacent. Even if you deploy active defense techniques to counter an adversary’s current behavior, it is imperative that you review your defenses for accuracy and inclusivity. It is also important to be creative with your implementations and think a step ahead of the adversary by deploying active defense techniques that counter TTPs that they do not currently use. Being proactive in your defensive strategies is how you get ahead in the game.

As always, we are excited to get your feedback on this new feature of MITRE Shield and use it to improve Shield moving forward. You can contact us via email at shield@mitre.org.

©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20–00398–11.

MITRE Shield

This is the official blog for MITRE Shield, the MITRE-developed active defense knowledge base

Written by Mike Goffin

Lead Cyber Engagement Specialist & MITRE Shield Team Member | @mjxg

MITRE Shield

This is the official blog for MITRE Shield, the MITRE-developed active defense knowledge base. The full website is located at https://shield.mitre.org.