Stop all or part of the adversary's ability to conduct their operation as intended.
Prevention focuses on stopping the adversary's ability to conduct their operations as intended. The defender can physically or virtually remove or disable resources, tighten security controls, or otherwise impair the adversary's ability to operate. A defender might prevent an adversary from operating to force them to reveal different, possibly more advanced, capabilities. Additionally, a defender can use Prevention to discourage the adversary from operating against a specific target. In this case, the defender may be attempting to encourage the adversary to focus elsewhere in the engagement environment.
There are many more Prevention activities that are also good cybersecurity practices. However, in Engage, we are focused on a subset of activities. Those are focused exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Affect the adversary.
|Baseline||Identify key system elements to establish a baseline and be prepared to reset a system to that baseline when necessary.||EAC0019|
|Hardware Manipulation||Alter the hardware configuration of a system to limit what an adversary can do with the device.||EAC0017|
|Isolation||Configure devices, systems, networks, etc. to contain activity and data, thus preventing the expansion an engagement beyond desired limits.||EAC0020|
|Network Manipulation||Make changes to network properties and functions to achieve a desired effect.||EAC0016|
|Security Controls||Alter security controls to make the system more or less vulnerable to attack.||EAC0018|