Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
AC-4 | Information Flow Enforcement | Protects | T1008 | Fallback Channels | |
CA-7 | Continuous Monitoring | Protects | T1008 | Fallback Channels | |
CM-2 | Baseline Configuration | Protects | T1008 | Fallback Channels | |
CM-6 | Configuration Settings | Protects | T1008 | Fallback Channels | |
CM-7 | Least Functionality | Protects | T1008 | Fallback Channels | |
SC-7 | Boundary Protection | Protects | T1008 | Fallback Channels | |
SI-3 | Malicious Code Protection | Protects | T1008 | Fallback Channels | |
SI-4 | System Monitoring | Protects | T1008 | Fallback Channels | |
azure_firewall | Azure Firewall | technique_scores | T1008 | Fallback Channels | Comments: This control's threat intelligence-based filtering feature can be enabled to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Because this protection is limited to known malicious IP addresses and domains and does not provide protection from such attacks from unknown domains and IP addresses, this is scored as partial coverage resulting in an overall Partial score. |