A cycle showing four stages: collect raw data, analyze adversary behaviors, identify opportunities, and implement engagements. The Collect stage shows ghosts hovering around a computer network. The Analyze stage shows a ghost mapping the data it collected to ATT&CK to understand adversary vulnerabilities based on their behavior. The Identify stage shows a ghost using a magnifying glass to choose applicable engagement opportunities from the Engage matrix. The Implement stage shows three happy ghosts inside a “Trojan Horse” as they conduct the engagement.

Cyber denial and deception, when used in unison and within the context of strategic planning and analysis, are the pillars of Adversary Engagement.

When paired with defense-in-depth technologies, adversary engagement allows defenders to proactively interact with cyber adversaries to achieve the defender’s strategic goals. Cyber Denial is the ability to prevent or otherwise impair the adversary’s ability to conduct their operations. This disruption may limit the adversary’s movements or collection efforts, or otherwise diminish the effectiveness of their capabilities. Cyber Deception intentionally reveals deceptive facts and fictions to mislead the adversary, while concealing critical facts and fictions to prevent the adversary from forming correct estimations or taking appropriate actions. This paper describes how, when used in unison and within the context of strategic planning and analysis, cyber denial and deception provide the pillars of adversary engagement.

Version: 1.0

Last updated: 2/28/2022

Fill out this form to provide feedback on this resource!