A cycle showing four stages: collect raw data, analyze adversary behaviors, identify opportunities, and implement engagements. The Collect stage shows ghosts hovering around a computer network. The Analyze stage shows a ghost mapping the data it collected to ATT&CK to understand adversary vulnerabilities based on their behavior. The Identify stage shows a ghost using a magnifying glass to choose applicable engagement opportunities from the Engage matrix. The Implement stage shows three happy ghosts inside a “Trojan Horse” as they conduct the engagement.

The Engage Matrix helps defenders integrate adversary engagement activities into their defensive cyber strategy.

Adversary behavior provides the defender with opportunities for engagement. By continuously refining and changing operational activities based on this observed behavior, defenders can integrate adversary engagement activities to drive larger strategic results. This poster shows the four-stage cycle. First, the defender collects raw data from their network. They then analyze this data to understand adversary behavior. Next, they can identify opportunities for engagement based on this behavior. Finally, they can implement these engagement opportunities. The cycle continues as the defender continues to refine and iterate.

Version: 1.0

Last updated: 2/28/2022
