We welcome your feedback about MITRE Engage™ v0.9 Beta: Email us at engage@mitre.org


Stop all or part of the adversary's ability to conduct their operation as intended.

Prevention focuses on stopping the adversary's ability to conduct their operations as intended. The defender can physically or virtually remove or disable resources, tighten security controls, or otherwise impair the adversary's ability to operate. A defender might prevent an adversary from operating to force them to reveal different, possibly more advanced, capabilities. Additionally, a defender can use Prevention to discourage the adversary from operating against a specific target. In this case, the defender may be attempting to encourage the adversary to focus elsewhere in the engagement environment.

There are many more Prevention activities that are also good cybersecurity practices. However, in Engage, we are focused on a subset of activities. Those are focused exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Affect the adversary.

ID: EAP0003
Type:  Engagement
Goals:  Affect


Activity NameDescriptionID
Baseline Identify key system elements to establish a baseline and be prepared to reset a system to that baseline when necessary. EAC0019
Hardware Manipulation Alter the hardware configuration of a system to limit what an adversary can do with the device. EAC0017
Isolation Configure devices, systems, networks, etc. to contain activity and data, thus preventing the expansion an engagement beyond desired limits. EAC0020
Network Manipulation Make changes to network properties and functions to achieve a desired effect. EAC0016
Security Controls Alter security controls to make the system more or less vulnerable to attack. EAC0018