MITRE D3FEND

IDENTIFYING POSSIBLE COUNTERMEASURES

Now that the techniques are identified, it’s time to look at possible countermeasures against the techniques your attackers use.

Let’s take the previous capture as an example; we see that the attacker is using technique T1203. To identify possible protections against this attack, we will consult what MITRE D3FEND tells us.

  • Go to the site

  • In the upper left section, search for the identified technique (T1203)

  • Enter technique T1203

  • Validate

HARDEN

The hardening tactic aims to make the exploitation of computer networks more costly and less attractive for attackers. Unlike detection, hardening mainly occurs before the system is put online and operational.

The previous diagram is interactive, so you can select only the Harden section to identify protections against this technique.

To get more information about a protection, simply click on it, for example "Process Code Segment Verification".

DETECT

The detection tactic is used to spot adversary access or any unauthorized activity on computer networks.

The process is the same as for the Harden section.

LIMITATIONS

MITRE D3FEND does not necessarily have countermeasures for every technique.
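The same lookup can be scripted once the mappings for each technique are saved as JSON. The following is an added example, not code from the original page or from MITRE: it groups countermeasures by tactic and reports techniques for which the Harden or Detect section came back empty. The response shape (off_to_def, results, bindings, def_tactic_label, def_tech_label), the ID T0000 and the detection name are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def _row(tactic=None, technique=None):
    """Build one constructed binding row in the assumed SPARQL-style shape."""
    row = {}
    if tactic:
        row["def_tactic_label"] = {"value": tactic}
    if technique:
        row["def_tech_label"] = {"value": technique}
    return row

# Constructed sample data, not real D3FEND output. Compare the shape with a
# real export before relying on this parser.
SAMPLE = {
    "T1203": {"off_to_def": {"results": {"bindings": [
        _row("Harden", "Process Code Segment Verification"),
        _row("Detect", "Constructed Detection Technique"),
        _row("Detect", "Constructed Detection Technique"),  # duplicate row
        _row(),                                             # row with no defensive mapping
    ]}}},
    "T0000": {"off_to_def": {"results": {"bindings": []}}},  # placeholder technique ID
}

def countermeasures_by_tactic(doc):
    """Group de-duplicated countermeasure names under their tactic (Harden, Detect, ...)."""
    grouped = defaultdict(set)
    rows = doc.get("off_to_def", {}).get("results", {}).get("bindings", [])
    for row in rows:
        tactic = row.get("def_tactic_label", {}).get("value")
        technique = row.get("def_tech_label", {}).get("value")
        if tactic and technique:  # skip rows that carry no defensive mapping
            grouped[tactic].add(technique)
    return {tactic: sorted(names) for tactic, names in grouped.items()}

def coverage_gaps(docs, wanted=("Harden", "Detect")):
    """Map each ATT&CK ID to the wanted tactics that returned no countermeasure."""
    gaps = {}
    for attack_id, doc in docs.items():
        found = countermeasures_by_tactic(doc)
        missing = [tactic for tactic in wanted if not found.get(tactic)]
        if missing:
            gaps[attack_id] = missing
    return gaps

if __name__ == "__main__":
    for attack_id, doc in SAMPLE.items():
        print(attack_id, countermeasures_by_tactic(doc) or "no countermeasures listed")
    print("gaps:", coverage_gaps(SAMPLE))
```

Techniques that appear in the gaps result are the ones to cover with controls chosen outside D3FEND.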
