Version 15.1 → 16.0

Mitigations — Enterprise ATT&CK Changelog

Added Mitigations

Description
Establish secure out-of-band communication channels to ensure the continuity of critical communications during security incidents, data integrity attacks, or in-network communication failures. Out-of-band communication refers to using an alternative, separate communication path that is not dependent on the potentially compromised primary network infrastructure. This method can include secure messaging apps, encrypted phone lines, satellite communications, or dedicated emergency communication systems. Leveraging these alternative channels reduces the risk of adversaries intercepting, disrupting, or tampering with sensitive communications and helps coordinate an effective incident response.(Citation: TrustedSec OOB Communications)(Citation: NIST Special Publication 800-53 Revision 5)

Modified Mitigations

Modified Description
Implement robust Active Directory configurations using group policies to control access and reduce the attack surface. Specific examples include:
* Account Configuration: Use provisioned domain accounts rather than local accounts to leverage centralized control and auditing capabilities.
* Interactive Logon Restrictions: Enforce group policies that prohibit interactive logons for accounts that should not directly access systems.
* Remote Desktop Settings: Limit Remote Desktop logons to authorized accounts to prevent misuse by adversaries.
* Dedicated Administrative Accounts: Create specialized domain-wide accounts that are restricted from interactive logons but can perform specific tasks like installations or repository access.
* Authentication Silos: Configure Authentication Silos in Active Directory to create access zones with restrictions based on membership in the Protected Users global security group. This setup enhances security by applying additional protections to high-risk accounts, limiting their exposure to potential attacks.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2020-05-29 16:34:40.344000+00:00 | 2024-10-08 17:01:33.131000+00:00
description                 | (see below)                      | (see below)
x_mitre_version             | 1.1                              | 1.2

description, old value:
Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.

description, new value:
Implement robust Active Directory configurations using group policies to control access and reduce the attack surface. Specific examples include:
* Account Configuration: Use provisioned domain accounts rather than local accounts to leverage centralized control and auditing capabilities.
* Interactive Logon Restrictions: Enforce group policies that prohibit interactive logons for accounts that should not directly access systems.
* Remote Desktop Settings: Limit Remote Desktop logons to authorized accounts to prevent misuse by adversaries.
* Dedicated Administrative Accounts: Create specialized domain-wide accounts that are restricted from interactive logons but can perform specific tasks like installations or repository access.
* Authentication Silos: Configure Authentication Silos in Active Directory to create access zones with restrictions based on membership in the Protected Users global security group. This setup enhances security by applying additional protections to high-risk accounts, limiting their exposure to potential attacks.

Description
Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2020-10-21 19:08:13.228000+00:00 | 2024-10-17 18:55:19.798000+00:00

Description
Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2020-03-31 13:08:36.655000+00:00 | 2024-10-17 18:55:04.576000+00:00

Description
Use intrusion detection signatures to block traffic at network boundaries.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2019-06-10 20:46:02.263000+00:00 | 2024-10-17 18:54:36.723000+00:00

Description
Block users or groups from installing unapproved software.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2019-06-11 16:26:52.202000+00:00 | 2024-10-17 18:54:20.898000+00:00

Description
Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2020-06-20 20:46:36.342000+00:00 | 2024-10-17 18:54:05.785000+00:00

Description
Block execution of code on a system through application control, and/or script blocking.
Details
Dictionary Item Added
Field                       | Old value | New value
x_mitre_attack_spec_version |           | 3.2.0
x_mitre_deprecated          |           | False
Values Changed
Field                       | Old value                        | New value
modified                    | 2022-02-28 19:50:41.210000+00:00 | 2024-10-17 18:53:48.791000+00:00

Description
Use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.
Details
Values Changed
Field                       | Old value                        | New value
modified                    | 2022-10-21 15:51:57.176000+00:00 | 2024-10-17 18:53:26.963000+00:00
x_mitre_attack_spec_version | 2.1.0                            | 3.2.0

Description
Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.
Details
Values Changed
Field                       | Old value                        | New value
modified                    | 2023-03-31 14:50:47.704000+00:00 | 2024-10-17 18:53:08.707000+00:00
x_mitre_attack_spec_version | 3.1.0                            | 3.2.0