
How to use MITRE ATT&CK® for Deception Stories

Published 24.11.2020, updated September 3rd, 2021 | Case Studies

The MITRE ATT&CK Framework® was developed with a single goal in mind: Better detection of attacker behavior after an existing compromise.

Deception technology assumes that attackers have already compromised computers within an organization. The goal of a deception solution is to detect attackers before the damage is done and to redirect them into a secure, isolated environment. With our solution, we can analyze the techniques and tactics used in real attacks, which in turn gives security teams important insight into the activities of the attackers.

CYBERTRAP’s Deception maps to the MITRE ATT&CK Framework® and correlates with specific techniques from the matrix. Here is an excerpt of the available mappings:

| ID | MITRE Tactics & Techniques | CYBERTRAP Deception Recommendations |
|---|---|---|
| T1190 | Exploit Public-Facing Application | Use Web Application Deception |
| T1110 | Brute Force | Use servers as traps (decoys) with different operating systems and applications |
| T1049 | System Network Connections Discovery | Use traps (decoys) with different services and bait (lures) to lure the attacker to the traps |
| T1021 | Remote Services | Use RDP servers as traps (decoys) and sprinkle the network with lures that allow access to them |
| T1039 | Data from Network Shared Drive | Use traps (decoys) with shared drives on which you distribute TrackDown documents |

These recommendations, and many more, result in a deception solution that is accurate and triggers traceable alerts without false positives.
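To show how decoy telemetry turns into an ATT&CK-tagged "deception story", here is an added example that is not CYBERTRAP's code: it takes constructed decoy events, maps them to the technique IDs and tactics from the table above, suppresses single failed logins so only repeated failures are reported as T1110, and returns the time-ordered chain of steps per attacker source. The event names, hosts, timestamps and the threshold of 5 are assumptions made for the example.

```python
# Technique -> (name, ATT&CK Enterprise tactic) for the rows in the table above.
TECHNIQUES = {
    "T1190": ("Exploit Public-Facing Application", "Initial Access"),
    "T1110": ("Brute Force", "Credential Access"),
    "T1049": ("System Network Connections Discovery", "Discovery"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1039": ("Data from Network Shared Drive", "Collection"),
}
# Decoy sensor event -> technique. Event names are constructed for this example.
EVENT_TECHNIQUE = {
    "web_decoy_exploit_attempt": "T1190",
    "decoy_auth_failure": "T1110",
    "decoy_netstat_enum": "T1049",
    "decoy_rdp_login": "T1021",
    "trackdown_doc_opened": "T1039",
}


def build_stories(events, threshold=5):
    """Per source IP, the time-ordered ATT&CK steps observed on decoys.
    events: iterable of (iso_timestamp, source_ip, event_name, decoy_host).
    Failed decoy logins only count as T1110 once they reach `threshold`."""
    seen = {}  # src -> technique -> list of timestamps (insertion = first seen)
    for ts, src, event, _decoy in sorted(events):
        tech = EVENT_TECHNIQUE.get(event)
        if tech is not None:  # unmapped telemetry (heartbeats etc.) is dropped
            seen.setdefault(src, {}).setdefault(tech, []).append(ts)
    stories = {}
    for src, techs in seen.items():
        steps = []
        for tech, stamps in techs.items():
            if tech == "T1110" and len(stamps) < threshold:
                continue  # a mistyped password is noise, not brute force
            name, tactic = TECHNIQUES[tech]
            steps.append({"first_seen": stamps[0], "tactic": tactic,
                          "technique": tech, "name": name, "count": len(stamps)})
        stories[src] = sorted(steps, key=lambda s: s["first_seen"])
    return stories


# Constructed telemetry: 10.0.0.7 brute-forces an RDP decoy, enumerates, logs in
# and opens a TrackDown document; 10.0.0.9 fails one login and is not seen again.
SAMPLE_EVENTS = [
    (f"2020-11-24T09:00:0{i}", "10.0.0.7", "decoy_auth_failure", "rdp-decoy-01")
    for i in range(5)
] + [
    ("2020-11-24T09:05:00", "10.0.0.7", "decoy_netstat_enum", "rdp-decoy-01"),
    ("2020-11-24T09:10:00", "10.0.0.7", "decoy_rdp_login", "rdp-decoy-01"),
    ("2020-11-24T09:15:00", "10.0.0.7", "trackdown_doc_opened", "file-decoy-02"),
    ("2020-11-24T09:01:00", "10.0.0.9", "decoy_auth_failure", "rdp-decoy-01"),
    ("2020-11-24T09:02:30", "10.0.0.9", "decoy_heartbeat", "rdp-decoy-01"),
]
```

Running `build_stories(SAMPLE_EVENTS)` yields Credential Access, Discovery, Lateral Movement and Collection steps for 10.0.0.7 and an empty story for 10.0.0.9, which is the kind of chain a SOC can read directly against the ATT&CK matrix.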

Further information about MITRE ATT&CK can be found at https://attack.mitre.org/ and https://shield.mitre.org/attack_mapping/


Recommended reading: What is Deception Technology?

About the author


Gerald Wallner
Head of Development at CYBERTRAP
g.wallner@cybertrap.com

What is CYBERTRAP?

CYBERTRAP is an Austrian company providing cyber security software, specializing in active defense and deception. Using Deception Technology, attackers are redirected into a specially created IT infrastructure before they can move further into the actual infrastructure of the company and cause damage.
