CRI Profile DE.CM-01.01

The organization deploys intrusion detection and intrusion prevention capabilities to detect and prevent a potential network intrusion in its early stages for timely containment and recovery.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
DE.CM-01.01 Intrusion detection and prevention Mitigates T1572 Protocol Tunneling
Comments
This diagnostic statement protects against adversaries using tunneling to encapsulate one protocol within another. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1090.002 External Proxy
Comments
This diagnostic statement protects against adversaries infiltrating external proxies and taking control of traffic between systems. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1090.001 Internal Proxy
Comments
This diagnostic statement protects against adversaries infiltrating internal proxies and taking control of traffic between systems. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1090 Proxy
Comments
This diagnostic statement protects against adversaries redirecting network traffic between systems through infiltrated connection proxies. Traffic to known anonymity networks and C2 infrastructure can be blocked through the use of network allow and block lists.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1102.003 One-Way Communication
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate malicious activity and to identify adversaries that use web services to obfuscate domains or IP addresses over a web service channel.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1102.002 Bidirectional Communication
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate malicious activity and to identify adversaries that use web services to obfuscate domains or IP addresses over a web service channel.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1102.001 Dead Drop Resolver
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate malicious activity and to identify adversaries that use web services to obfuscate domains or IP addresses.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1102 Web Service
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate malicious activity and to identify adversaries that relay data from compromised systems through websites, cloud services, or social media.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1204.003 Malicious Image
Comments
In order to protect users from being victims of social engineering attacks, network intrusion prevention techniques can be used to scan and block malicious images so those images can't lead to malicious code being executed.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1204.001 Malicious Link
Comments
In order to protect users from being victims of social engineering attacks, network intrusion prevention techniques can be used to scan and block malicious downloads and malicious activity.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1204 User Execution
Comments
In order to protect users from being victims of social engineering attacks, network intrusion prevention techniques can be used to scan and block malicious code from malicious downloads and malicious activity.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1566.001 Spearphishing Attachment
Comments
This diagnostic statement utilizes tools such as network intrusion prevention systems to identify, scan, and block malicious email attachments that users could open from their emails. Also, anti-virus can be used to quarantine suspicious files.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1221 Template Injection
Comments
Network/host intrusion prevention systems, antivirus, and detonation chambers can be employed to prevent documents from fetching and/or executing malicious payloads delivered through injected document templates.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1566 Phishing
Comments
This diagnostic statement utilizes tools such as network intrusion prevention systems to identify, scan, and block malicious emails or links that users could click on in their emails. Also, anti-virus can be used to quarantine suspicious files.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1048 Exfiltration Over Alternative Protocol
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some activity at the network level, specifically adversaries known to steal data and/or to encrypt or obfuscate alternate channels.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1573.002 Asymmetric Cryptography
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some activity at the network level, specifically adversaries known to conceal C2 traffic with asymmetric encryption algorithms.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1573.001 Symmetric Cryptography
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some activity at the network level, specifically adversaries known to conceal C2 traffic with symmetric encryption algorithms.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1573 Encrypted Channel
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation (command and control traffic) activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1568.002 Domain Generation Algorithms
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation (command and control) activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1568 Dynamic Resolution
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation (command and control) activity at the network level.
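The Domain Generation Algorithms (T1568.002) and Dynamic Resolution (T1568) rows above say that network-level detection can catch some of this command and control activity but do not show what such detection logic looks like. The following is an added example, not part of the CRI Profile or of ATT&CK: a small detector run over a constructed DNS resolver log (the log lines, client addresses, domain names, and the thresholds min_len, min_entropy, max_vowel_ratio and min_hits are all assumptions chosen for illustration). It flags a client that receives repeated NXDOMAIN answers for long, high-entropy, vowel-poor second-level labels, the traffic pattern a DGA-driven implant produces while searching for a live C2 domain.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log (not from the page): "<epoch> <client-ip> <qname> <rcode>"
SAMPLE_DNS_LOG = """\
1700000001 10.0.0.5 www.example.com NOERROR
1700000002 10.0.0.5 internalportal.corp NOERROR
1700000003 10.0.0.9 xk3j9qz0v1wm.com NXDOMAIN
1700000004 10.0.0.9 q8v2n7zr1tlp.net NXDOMAIN
1700000005 10.0.0.9 zz91kd0wqp3x.org NXDOMAIN
1700000006 10.0.0.9 l0x7t2qv9mnr.info NXDOMAIN
1700000007 10.0.0.9 cdn.example.net NOERROR
1700000008 10.0.0.5 nonexistent.example.com NXDOMAIN
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")
VOWELS = set("aeiou")


def parse_dns_log(text):
    """Parse log lines into (epoch, client, qname, rcode) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2), m.group(3).lower(), m.group(4)))
    return records


def shannon_entropy(s):
    """Shannon entropy of the string s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def second_level_label(qname):
    """Label immediately left of the TLD, e.g. 'example' for 'www.example.com'."""
    labels = qname.rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_generated(qname, min_len=10, min_entropy=3.0, max_vowel_ratio=0.2):
    """Heuristic with assumed thresholds: long, high-entropy, vowel-poor labels look machine-generated.
    The vowel check keeps long dictionary words (which also score high on entropy) out of the alerts."""
    label = second_level_label(qname)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def flag_dga_clients(records, min_hits=3):
    """Return {client: [qnames]} for clients with at least min_hits NXDOMAIN answers
    to generated-looking names. A single odd lookup is not enough; the burst is the signal."""
    hits = defaultdict(list)
    for _ts, client, qname, rcode in records:
        if rcode == "NXDOMAIN" and looks_generated(qname):
            hits[client].append(qname)
    return {client: names for client, names in hits.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for client, names in flag_dga_clients(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{client}: {len(names)} NXDOMAIN lookups of generated-looking names, e.g. {names[0]}")
```

The per-client NXDOMAIN burst is what distinguishes this from a plain signature match: a DGA client fails many lookups before one resolves, so counting failures per source is more robust than matching any single domain. Tune the thresholds against a baseline of your own resolver traffic before enabling blocking, since content delivery and cloud hostnames can also look random.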
DE.CM-01.01 Intrusion detection and prevention Mitigates T1030 Data Transfer Size Limits
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1001.003 Protocol or Service Impersonation
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1001.002 Steganography
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1001.001 Junk Data
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1001 Data Obfuscation
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscated command and control activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1132.002 Non-Standard Encoding
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1132.001 Standard Encoding
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1132 Data Encoding
Comments
Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1071.005 Publish/Subscribe Protocols
Comments
This diagnostic statement protects against adversaries that may try to utilize publish/subscribe protocols and abuse the packets these protocols produce. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1071.004 DNS
Comments
This diagnostic statement protects against adversaries that may try to utilize the DNS protocol and abuse the packets it produces. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1071.003 Mail Protocols
Comments
This diagnostic statement protects against adversaries that may try to utilize mail protocols, such as SMTP/S, POP3/S, and IMAP, and abuse the packets these protocols produce. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1071.002 File Transfer Protocols
Comments
This diagnostic statement protects against adversaries that may try to utilize file transfer protocols, such as SMB, FTP, FTPS, and TFTP, and abuse the packets these protocols produce. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1071.001 Web Protocols
Comments
This diagnostic statement protects against adversaries that may try to utilize web protocols, such as HTTPS and WebSocket, to blend in with existing traffic. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1071 Application Layer Protocol
Comments
This diagnostic statement protects against adversaries that may try to utilize application layer protocols of the OSI model, such as those for web browsing, file transfer, and email, to blend in with existing traffic. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1557.004 Evil Twin
Comments
Implementing methods similar to wireless intrusion prevention systems (WIPS) can identify and prevent adversary-in-the-middle activity.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1557.003 DHCP Spoofing
Comments
The use of network intrusion detection and prevention systems can identify and possibly block traffic patterns indicative of AiTM activity. If so, these patterns can be mitigated at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1557.002 ARP Cache Poisoning
Comments
The use of network intrusion detection and prevention systems can identify and possibly block traffic patterns indicative of AiTM activity. If so, these patterns can be mitigated at the network level, enabling defenders to block adversaries from poisoning ARP caches.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
Comments
The use of network intrusion detection and prevention systems can identify and possibly block traffic patterns indicative of AiTM activity. If so, these patterns can be mitigated at the network level.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1557 Adversary-in-the-Middle
Comments
The use of network intrusion detection and prevention systems can identify and possibly block traffic patterns indicative of AiTM activity. If so, these patterns can be mitigated at the network level.
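The Adversary-in-the-Middle rows above (T1557 and its sub-techniques) refer to "traffic patterns indicative of AiTM activity" without naming one. For ARP Cache Poisoning (T1557.002) the pattern a network sensor sees is the same IP address being announced by more than one MAC address, typically the default gateway's address being claimed by a host that is not the gateway. The following is an added example, not part of the CRI Profile or of ATT&CK: a detector run over a constructed log of observed ARP replies (the log lines, addresses and the GATEWAY_BASELINE mapping are all assumptions chosen for illustration) that reports IP-to-MAC conflicts and replies that contradict a trusted baseline, which is the logic a NIDS or a dedicated ARP-inspection feature applies before alerting or blocking.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies seen on a segment (not from the page):
# "<epoch> <sender-ip> is-at <sender-mac>"
SAMPLE_ARP_LOG = """\
1700000100 10.0.0.1 is-at aa:bb:cc:00:00:01
1700000101 10.0.0.7 is-at aa:bb:cc:00:00:07
1700000102 10.0.0.1 is-at aa:bb:cc:00:00:01
1700000103 10.0.0.1 is-at de:ad:be:ef:00:42
1700000104 10.0.0.1 is-at de:ad:be:ef:00:42
1700000105 10.0.0.7 is-at aa:bb:cc:00:00:07
"""

# Hypothetical trusted mapping for the default gateway, e.g. from the switch's DHCP
# snooping table or a static inventory (an assumption, not from the page)
GATEWAY_BASELINE = {"10.0.0.1": "aa:bb:cc:00:00:01"}

LINE_RE = re.compile(
    r"^(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})$",
    re.IGNORECASE,
)


def parse_arp_log(text):
    """Parse log lines into (epoch, sender_ip, sender_mac) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2), m.group(3).lower()))
    return records


def ip_mac_conflicts(records):
    """Return {ip: sorted MACs} for every IP that was announced by more than one MAC.
    A legitimate host has one MAC; two claimants for one IP is the core poisoning pattern."""
    seen = defaultdict(set)
    for _ts, ip, mac in records:
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def baseline_violations(records, baseline):
    """Return (epoch, ip, mac) for replies that contradict a trusted IP-to-MAC baseline.
    This catches a spoofed gateway even if the sensor never saw the real gateway answer."""
    return [(ts, ip, mac) for ts, ip, mac in records if ip in baseline and baseline[ip] != mac]


if __name__ == "__main__":
    recs = parse_arp_log(SAMPLE_ARP_LOG)
    for ip, macs in ip_mac_conflicts(recs).items():
        print(f"conflict: {ip} announced by {', '.join(macs)}")
    for ts, ip, mac in baseline_violations(recs, GATEWAY_BASELINE):
        print(f"baseline violation at {ts}: {ip} claimed by {mac}")
```

Both checks are cheap enough to run inline on a sensor. The conflict check needs no configuration but can fire on legitimate NIC replacements or failover pairs that share an address, so it is best treated as an alert; the baseline check against a known gateway mapping is precise enough to drive a block action, which is the prevention half of the diagnostic statement.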
DE.CM-01.01 Intrusion detection and prevention Mitigates T1036.008 Masquerade File Type
Comments
Implementing methods similar to host intrusion prevention systems (HIPS) can identify and prevent execution of malicious files whose metadata has been manipulated by adversaries.
DE.CM-01.01 Intrusion detection and prevention Mitigates T1036 Masquerading
Comments
Implementing methods similar to host intrusion prevention systems (HIPS) can identify and prevent execution of malicious files whose metadata has been manipulated by adversaries.