Azure Azure Network Security Groups Capability Group

Provides protection coverage for only one sub-technique partially (booting from remote devies ala TFTP boot) resulting in an overall score of Minimal.

This control provides partial protection for all of its sub-techniques and procedure examples resulting in an overall score of Partial.

This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.

This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.

This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.

This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.

This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.

This control can be used to restrict direct access to remote services to trusted networks. This mitigates even an adversary with a valid account from accessing resources. This can be circumvented though if an adversary is able to compromise a trusted host and move laterally to a protected network. This results in an overall partial (coverage) score.

This control can protect against abuse of remote cloud services.

This control can protect against abuse of direct cloud VM connections.

This control can be used to restrict access to trusted networks.

This control can be used to limit access to critical network systems such as software deployment tools.

This control can restrict ports and inter-system / inter-enclave connections as described by the Proxy related sub-techniques although it doesn't provide protection for domain-fronting. It furthermore provides partial protection of this technique's procedure examples resulting in an overall Partial score.

This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.

This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.

This control can restrict access between systems, enclaves, and workloads thereby mitigating these proxy related sub-techniques.

This control can be used to restrict access to trusted networks and protocols.

This control can be used to restrict direct access to remote service gateways and concentrators that typically accompany external remote services. This can be circumvented though if an adversary is able to compromise a trusted host and use it to access the external remote service. This results in an overall partial (coverage) score.

This control can isolate portions of network that do not require network-wide access, limiting some attackers that leverage trusted relationships such as remote access for vendor maintenance. Coverage partial, Temporal Immediate.

This control provides partial protection for this technique's sub-techniques and procedure examples resulting in an overall Partial score. Other variations that trigger a special response, such as executing a malicous task are not mitigated by this control.

This control can be used to restrict access to remote services to minimum necessary.

This control can be used to restrict network communications to protect sensitive enclaves that may mitigate some of the procedure examples of this technique.

This control can be used to isolate sensitive domains to limit discovery.

This control can be used to restrict access to endpoints and thereby mitigate low-end network DOS attacks.

This control provides partial protection for a majority of this control's sub-techinques and procedure examples resulting in overall score of Partial.

This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.

This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.

This control can be used to restrict access to endpoints and thereby mitigate low-end DOS attacks.

This control can be used to restrict clients to connecting (and therefore booting) from only trusted network resources.

This control can be used to limit access to network infrastructure and resources that can be used to reshape traffic or otherwise produce MiTM conditions.

This control can be used to limit traffic between systems and enclaves to minimum necessary for example via a zero-trust strategy.

This control can limit attackers access to configuration repositories such as SNMP management stations, or to dumps of client configurations from common management ports.

Can limit access to client management interfaces or configuration databases

Can limit access to client management interfaces or configuration databases

This control can be used to limit access to network infrastructure and resources that can be used to reshape traffic or otherwise produce content injection conditions.

NSG can minimize alternative protocols allowed to communicate externally.

This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.

This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.

This control can reduce the protocols available for data exfiltration. Temporal immediate, coverage substantial.

This control can be used to implement whitelist based network rules that can mitigate variations of this sub-techniques that result in opening closed ports for communication. Because this control is able to drop traffic before reaching a compromised host, it can effectively mitigate this port knocking sub-technique.

This capability can be configured to limit bandwidth available to connections.

This control can restrict traffic to standard ports and protocols.