Configure managed endpoints with properly configured software firewalls.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| UEM-10 | Software Firewall | mitigates | T1590.002 | DNS |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1205.002 | Socket Filters |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1205.001 | Port Knocking |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1205 | Traffic Signaling |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1219.002 | Remote Desktop Software |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1219 | Remote Access Tools |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1090.003 | Multi-hop Proxy |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1090 | Proxy |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1572 | Protocol Tunneling |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1095 | Non-Application Layer Protocol |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1071.005 | Publish/Subscribe Protocols |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1071 | Application Layer Protocol |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1499 | Endpoint Denial of Service |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1498 | Network Denial of Service |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1498.002 | Reflection Amplification |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1498.001 | Direct Network Flood |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1499.002 | Service Exhaustion Flood |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1499.003 | Application Exhaustion Flood |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1070.007 | Clear Network Connection History and Configurations |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1070 | Indicator Removal |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1562.004 | Disable or Modify System Firewall |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1562.007 | Disable or Modify Cloud Firewall |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|
| UEM-10 | Software Firewall | mitigates | T1562 | Impair Defenses |
Comments
This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.
|