Key Questions About MITRE Shield

Christina Fowler
Oct 6 · 3 min read

We recently released the MITRE Shield Active Defense Knowledge Base, which was developed from our first-hand experience with defending MITRE’s corporate network. Since then, we’ve gotten many questions about Shield and our approach to active defense. We’d like to take a step back and answer some of these key questions. While these do not reflect all of the questions we have received, they do address topics that have come up multiple times.

Why did you choose to call Shield an ‘Active Defense’ knowledge base?

We wanted to raise awareness and stimulate conversation about defenders taking a less passive, more active mindset. We defenders are in a contest with adversaries who are determined and constantly evolving. To succeed, we need to better understand what cyber adversaries do, what’s working (and not working) in our defense strategies, and how we might shift the game to our advantage. That is what we see as the heart of an active defense.

We recognize that, to some, “active defense” implies doing things that we simply do not touch upon, like offensive techniques. We feel these techniques fall outside the scope of what a typical organization might do and therefore do not fit into our current focus for MITRE Shield.

Why does a technique appear in many different columns in the Shield matrix?

In designing MITRE Shield, we tried to choose techniques that were “multi-use,” meaning the same technique could deliver different results depending on how it was applied. Our goal was to show that an organization armed with a core set of techniques could produce various outcomes depending on how they approached a problem and how they applied those techniques. We tried to choose techniques that were attainable and actionable for a wide array of organizations.

What is Opportunity Space?

We think looking for opportunities in what attackers do is central to an effective active defense mindset. This has been somewhat organic or instinctive in our approach, but as we began formalizing what we are learning in Shield, we wanted to make it explicit. We’ve already heard comments like “I hadn’t thought of attacks as an opportunity before,” so we’re hopeful people are going to find this mindset useful!

Why are there only one-technique approaches in this version of MITRE Shield?

For the initial version of MITRE Shield, we decided to show how individual techniques could be applied, based on an adversary’s actions. We believe Shield’s modular design will allow organizations to combine techniques together as their skills and tools allow. In the next version of Shield, we envision creating plays which involve one or more techniques. These plays will give defenders more robust options to have in their active defense arsenal.

How can I programmatically work with the data in MITRE Shield?

We provide the MITRE Shield data in JSON format for those wishing to use it. You can find the data on our GitHub repo in the _data folder.

Looking Ahead

As we move forward, we will be releasing key information to help organizations, both big and small, understand how they can leverage MITRE Shield to be more effective defenders and how CISOs and leadership can find value in an active defense. Be sure to check back for regular updates and follow our LinkedIn page for more information.


©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20–00398–8.

Christina Fowler

Written by

Chief Cyber Intel Strategist, MITRE Shield Team Member

MITRE Shield

This is the official blog for MITRE Shield, the MITRE-developed active defense knowledge base. The full website is located at https://shield.mitre.org.
