Introducing MITRE Shield Adversary Group Mappings
We built MITRE Shield to empower defenders against potential risks and attacks, as well as help them think creatively about the opportunities that are presented when an adversary uses a Tactic, Technique, or Procedure (TTP). We hope to encourage a conversation centered on active defense and how it can be used by defensive practitioners and organizations, regardless of their size or skill level.
To further this goal, we are happy to announce the addition of Adversary Group Mappings to the MITRE Shield knowledge base!
Utilizing MITRE ATT&CK® Groups, we have developed mappings for most ATT&CK Techniques that each adversary group is known to use, and the corresponding Opportunities, Techniques, and Use Cases provided by Shield that map to it. These new groups can be found under the ATT&CK Mapping navigation menu item on the MITRE Shield website. This will bring you to a listing of each Adversary Group and a link to their Group Details page.
Shield has also been updated to use the latest version of ATT&CK to bring in the Reconnaissance and Resource Development Tactics and new ATT&CK Techniques. We created new Shield ATT&CK mappings to go along with them!
Since Adversary Groups are constantly evolving their TTPs, we cannot become complacent.
With the new Groups mapping, defenders can now look at particular Adversary Groups and adapt specific active defense techniques to counter the TTPs that they use. Since Adversary Groups are constantly evolving their TTPs, we cannot become complacent. Even if you deploy active defense techniques to counter an adversary’s current behavior, it is imperative that you review your defenses for accuracy and inclusivity. It is also important to be creative with your implementations and think a step ahead of the adversary by deploying active defense techniques that counter TTPs that they do not currently use. Being proactive in your defensive strategies is how you get ahead in the game.
As always, we are excited to get your feedback on this new feature of MITRE Shield and use it to improve Shield moving forward. You can contact us via email at shield@mitre.org
©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20–00398–11.
