MITRE D3FEND

Defensive techniques mapped against ATT&CK — know how to defend

All 55 techniques Model 27 Harden 55 Detect 90 Isolate 56 Deceive 11 Evict 19 Restore 12
D3-AA Harden
Agent Authentication
Agent authentication is the process of verifying the identities of agents to ensure they are authorized and trustworthy participants within a system.
Counters 6 ATT&CK
D3-ACH Harden
Application Configuration Hardening
Modifying an application's configuration to reduce its attack surface.
Counters 3 ATT&CK
D3-AH Harden
Application Hardening
Application Hardening makes an executable application more resilient to a class of exploits which either introduce new code or execute unwanted existing code. These techniques may be applied at compile-time or on an application binary.
D3-BAN Harden
Biometric Authentication
Using biological measures in order to authenticate a user.
D3-BA Harden
Bootloader Authentication
Cryptographically authenticating the bootloader software before system boot.
Counters 1 ATT&CK
D3-BMA Harden
Bus Message Authentication
Applies cryptographic primitives to individual bus frames to verify the sender's identity and ensure the integrity of the data payload.
D3-CP Harden
Certificate Pinning
Persisting either a server's X.509 certificate or their public key and comparing that to server's presented identity to allow for greater client confidence in the remote server's identity for SSL connections.
Counters 1 ATT&CK
D3-CERO Harden
Certificate Rotation
Certificate rotation involves replacing digital certificates and their private keys to maintain cryptographic integrity and trust, mitigating key compromise risks and ensuring continuous secure communications.
Counters 1 ATT&CK
D3-CBAN Harden
Certificate-based Authentication
Requiring a digital certificate in order to authenticate a user.
Counters 1 ATT&CK
D3-CDP Harden
Change Default Password
Changing the default password means replacing the factory-set credentials with a strong, unique password before the device is deployed, preventing unauthorized access.
Counters 7 ATT&CK
D3-CFI Harden
Control Flow Integrity
Enforcing legal control flow transfers during application process execution.
D3-CH Harden
Credential Hardening
Credential Hardening techniques modify system or network properties in order to protect system or network/domain credentials.
Counters 10 ATT&CK
D3-CRO Harden
Credential Rotation
Credential rotation is a security procedure in which authentication credentials, such as passwords, API keys, or certificates, are regularly changed or replaced to minimize the risk of unauthorized access.
Counters 10 ATT&CK
D3-CS Harden
Credential Scrubbing
The systematic removal of hard-coded credentials from source code to prevent accidental exposure and unauthorized access.
Counters 1 ATT&CK
D3-DCE Harden
Dead Code Elimination
Removing unreachable or "dead code" from compiled source code.
D3-DRA Harden
Disable Remote Access
Limiting access to a computing device which is not required through or from a non-organization-controlled network.
Counters 3 ATT&CK
D3-DENCR Harden
Disk Encryption
Encrypting a hard disk partition to prevent cleartext access to a file system.
Counters 2 ATT&CK
D3-DLV Harden
Domain Logic Validation
Validation of variable state in the context of the domain application.
Counters 1 ATT&CK
D3-DLIC Harden
Driver Load Integrity Checking
Ensuring the integrity of drivers loaded during initialization of the operating system.
D3-EMH Harden
Electromagnetic Radiation Hardening
The application of physical and material-level design measures to electronic systems, components, or facilities to reduce their susceptibility to damage or disruption from electromagnetic threats.
D3-EHPV Harden
Exception Handler Pointer Validation
Validates that a referenced exception handler pointer is a valid exception handler.
D3-FE Harden
File Encryption
Encrypting a file using a cryptographic key.
Counters 46 ATT&CK
D3-HBWP Harden
Hardware-based Write Protection
Physical methods of preventing data from being written to computer storage.
Counters 1 ATT&CK
D3-IRV Harden
Integer Range Validation
Ensuring that an integer is within a valid range.
D3-MBSV Harden
Memory Block Start Validation
Ensuring that a pointer accurately references the beginning of a designated memory block.
D3-MAN Harden
Message Authentication
Authenticating the sender of a message and ensuring message integrity.
D3-MENCR Harden
Message Encryption
Encrypting a message body using a cryptographic key.
D3-MH Harden
Message Hardening
The application of security controls to user-to-user and system-to-system communications so messages remain confidential, unaltered, and verifiable while resisting injection, replay, and tampering.
D3-MFA Harden
Multi-factor Authentication
Requiring proof of two or more pieces of evidence in order to authenticate a user.
Counters 10 ATT&CK
D3-NPC Harden
Null Pointer Checking
Checking if a pointer is NULL.
D3-OTP Harden
One-time Password
A one-time password is valid for only one user authentication.
Counters 1 ATT&CK
D3-OLV Harden
Operational Logic Validation
Validation of variable state in the context of the control logic of the operational application.
D3-PWA Harden
Password Authentication
Password authentication is a security mechanism used to verify the identity of a user or entity attempting to access a system or resource by requiring the input of a secret string of characters, known as a password, that is associated with the user or entity.
Counters 1 ATT&CK
D3-PR Harden
Password Rotation
Password rotation is a security policy that mandates the periodic change of user account passwords to mitigate the risk of unauthorized access due to compromised credentials.
Counters 1 ATT&CK
D3-PEH Harden
Physical Enclosure Hardening
Physical changes to a computer enclosure which reduce the ability for agents or the environment to affect the contained computer system.
D3-PH Harden
Platform Hardening
Hardening components of a Platform with the intention of making them more difficult to exploit. Platforms includes components such as: * BIOS UEFI Subsystems * Hardware security devices such as Trusted Platform Modules * Boot process logic or code * Kernel software components
D3-PAN Harden
Pointer Authentication
Comparing the cryptographic hash or derivative of a pointer's value to an expected value.
D3-PV Harden
Pointer Validation
Ensuring that a pointer variable has the required properties for use.
D3-PSEP Harden
Process Segment Execution Prevention
Preventing execution of any address in a memory region other than the code segment.
Counters 12 ATT&CK
D3-RFS Harden
RF Shielding
Adding physical barriers to a platform to prevent undesired radio interference.
D3-RH Harden
Radiation Hardening
Radiation hardening is the process of making electronic components and circuits resistant to damage or malfunction caused by high levels of ionizing radiation.
Counters 11 ATT&CK
D3-RN Harden
Reference Nullification
Invalidating all pointers that reference a specific memory block, ensuring that the block cannot be accessed or modified after deallocation.
D3-SAOR Harden
Segment Address Offset Randomization
Randomizing the base (start) address of one or more segments of memory during the initialization of a process.
Counters 12 ATT&CK
D3-SU Harden
Software Update
Replacing old software on a computer system component.
Counters 19 ATT&CK
D3-SCH Harden
Source Code Hardening
Hardening source code with the intention of making it more difficult to exploit and less error prone.
D3-SFCV Harden
Stack Frame Canary Validation
Comparing a value stored in a stack frame with a known good value in order to prevent or detect a memory segment overwrite.
Counters 5 ATT&CK
D3-SPP Harden
Strong Password Policy
Modifying system configuration to increase password strength.
Counters 1 ATT&CK
D3-SCP Harden
System Configuration Permissions
Restricting system configuration modifications to a specific user or group of users.
Counters 11 ATT&CK
D3-TBI Harden
TPM Boot Integrity
Assuring the integrity of a platform by demonstrating that the boot process starts from a trusted combination of hardware and software and continues until the operating system has fully booted and applications are running. Sometimes called Static Root of Trust Measurement (STRM).
D3-TB Harden
Token Binding
Token binding is a security mechanism used to enhance the protection of tokens, such as cookies or OAuth tokens, by binding them to a specific connection.
Counters 4 ATT&CK
D3-TBA Harden
Token-based Authentication
Token-based authentication is an authentication protocol where users verify their identity in exchange for a unique access token. Users can then access the website, application, or resource for the life of the token without having to re-enter their credentials.
Counters 4 ATT&CK
D3-TAAN Harden
Transfer Agent Authentication
Validating that server components of a messaging infrastructure are authorized to send a particular message.
D3-TL Harden
Trusted Library
A trusted library is a collection of pre-verified and secure code modules or components that are used within software applications to perform specific functions. These libraries are considered reliable and have been vetted for security vulnerabilities, ensuring they do not introduce risks into the application.
Counters 1 ATT&CK
D3-VI Harden
Variable Initialization
Setting variables to a known value before use.
Counters 1 ATT&CK
D3-VTV Harden
Variable Type Validation
Ensuring that a variable has the correct type.