MITRE introduced MITRE Engage™, a communication, and planning framework for cyber adversary engagement, deception, and denial efforts. Engage assists chief information security officers (CISOs), cyber defenders, and vendors in implementing protection methods based on real-world adversary behavior.
Adversary engagement and deception operations can halve the cost of a data breach, waste an adversary's time, and make attackers more challenging to discover. Engage is mapped to the MITRE ATT&CK® framework, which allows practitioners to quickly identify an attacker's weaknesses when utilizing a given ATT&CK technique and how to exploit them.
Maretta Morovitz, MITRE Engage lead, said, “Engage is about empowering the cyber defense community. Every day, adversaries launch cyber-attacks. Some will always slip through. Taller walls aren’t the complete solution. We need to stop what we can and be prepared to engage with those who make it through. With traditional cyber defense, the adversary only needs to be right once, but with cyber deception, the adversary only needs to be wrong once.”
Engage offers a standard nomenclature for the cyber security community, based on MITRE's Shield framework and more than ten years of operational experience. The Engage toolkit on the website offers more than just a matrix; it also includes a manual, starter kit, worksheets, posters, and other materials to help you overcome planning challenges while improving your knowledge. CISOs may use Engage to develop a security strategy for their firm, defenders can use it to put that strategy into action, and suppliers can use it to align their products with the aims of their customers.
MITRE held a series of focus groups with vendors, defenders, and CISOs over the last year to gather input and insight on Engage's development. MITRE also conducts enemy engagement operations to inform and drive the Engage website's resources. And MITRE is still collecting ideas and feedback from the public about how Engage can help defenses.
“Engage goes beyond a framework. It delves deep and wide into the entire process of adversary engagement, from planning to analyzing, Plus, as we grow the Engage community, we can continually improve and mature our research in defending against cyber threats.”