We welcome your feedback about MITRE Engage™ v0.9 Beta: Email us at engage@mitre.org

Network Diversity

Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.

Network Diversity involves the use of an assorted collection of network resources such as networking devices, firewalls, printers, phones, etc. Network Diversity can be used to encourage adversaries to engage by offering a broad attack surface. Additionally, diversity can increase the adversary's overall comfort level by adding to the believability of the environment. By monitoring adversary activity in a diverse environment, the defender can gain information on the adversary's capabilities and targeting preferences. For example, a defender can deploy a variety of network resources to identify which devices are targeted by the adversary.

ID: EAC0007
Type:  Engagement 
Goals:  Elicit
Approaches:  Reassurance Motivation
Whenever an adversary interacts with the environment, their actions reveal vulnerabilities. Defenders can utilize engagement activities to take advantage of such weaknesses.

The following table lists the adversary tactics on the left and the revealed vulnerability on the right that can be exploited by the defender using Network Diversity.

ATT&CK® Tactics Adversary Vulnerability Presented
Discovery Initial Access Impact Collection Reconnaissance When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.