MITRE Engage seeks to help CISOs and other security decision makers understand how denial, deception, and adversary engagement fit into the organization’s current cyber strategy.
To get started, click here to familiarize yourself with the Engage structure and terminology.
We at MITRE are strong believers that cyber deception technologies, unlike many other defensive technologies, are not “fire and forget.” Rather, deception technologies should be deployed as part of an intentional strategy that drives toward well-understood goals. As such, Engage is designed to help decision makers:
Create policies and procedures for safe network operation and response to incidents. Engage introduces planning and adapting as fundamental components of the framework. While planning and adapting are CISO functions, the practitioner needs to know how activities like collection, reassurance, and motivation can lead to the detection of incidents.
Reduce risks to information and related technologies. Engage lays out activities to support the detection, prevention, direction, and disruption of adversaries. We believe that employing these activities can support the mission of risk reduction.
Protect information and assets. While denial activities limit an adversary’s access to legitimate information, deception provides an additional protection mechanism. Providing misinformation about systems or data can decrease the trust or value an adversary places in those assets. Decreasing value and trust typically will cause an adversary to avoid those objects.
We recommend the following steps for decision makers interested in further exploring what Engage can do to enhance cybersecurity strategies:
Read the definitions for each of the Strategic Approaches and Activities under Prepare. These Activities focus on identifying all of the information that needs to be gathered before an operation has started. Successfully completing these Activities will ensure that all key stakeholders have been engaged and that all future activities are informed by a threat model that is as complete as possible.
Review the Engagement Goals. Do you want to Expose adversaries on the network to reveal previously unknown threats? Do you want to Affect adversaries by imposing a negative resource cost? Or do you want to Elicit adversary TTPs to generate a CTI feed or to inform other defenses? By selecting an Engagement Goal early in your operational planning, Engage helps the defender ensure that operations remain focused and continue to drive progress.
Review Approaches and Activities under Understand. These actions ensure that the various raw data outputs from the operation are distilled into actionable intelligence. This intelligence can then be fed back into future operations and used to inform other defenses. By bookending activities in the context of strategic planning and analysis, Engage seeks to provide cybersecurity decision makers with the framework they need to understand the goals of deception and how to drive progress towards those goals.