| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1590 | Gather Victim Network Information |
Comments
VPC security perimeters can limit the impact from active scanning techniques used to gain further information about the target environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1590.004 | Network Topology |
Comments
VPC security perimeters can limit the impact from active scanning techniques used to gain further information about the target environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1590.005 | IP Addresses |
Comments
VPC security perimeters can limit the impact from active scanning techniques used to gain further information about the target environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1046 | Network Service Scanning |
Comments
VPC security perimeters can limit the impact from active scanning and lateral movement techniques used to exploit the target environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1135 | Network Share Discovery |
Comments
VPC security perimeters can limit the impact from active scanning and lateral movement techniques used to exploit the target environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1595 | Active Scanning |
Comments
VPC security perimeters can limit the impact from active scanning and lateral movement techniques used to exploit the target environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1595.001 | Scanning IP Blocks |
Comments
VPC security perimeters can limit the impact from active scanning on private networks and lateral movement techniques used to exploit target environments.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1098 | Account Manipulation |
Comments
VPC further segments the environment by providing configurable granular access controls which help limit user communications to critical systems.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | partial | T1098.001 | Additional Cloud Credentials |
Comments
VPC further segments the environment by providing configurable granular access controls which help limit user permissions to communicate with critical systems.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | partial | T1557 | Adversary-in-the-Middle |
Comments
VPC security perimeter mitigates the impact from Adversary-in-the-Middle by creating virtual segmentation that limits the data and information broadcast on the network.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1602 | Data from Configuration Repository |
Comments
VPC security perimeters can isolate resources and limit the impact from lateral movement techniques used to access sensitive data.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1190 | Exploit Public-Facing Application |
Comments
VPC security perimeters can segment private resources to further reduce user access and operate in a logically separate hosting environment.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1552.007 | Container API |
Comments
VPC security perimeters can segment private resources to provide access based on user identity or organizational ingress/egress policies (e.g., instance, subnet).
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | significant | T1018 | Remote System Discovery |
Comments
VPC security perimeters can segment private resources to deny traffic based on organizational policy.
References
|
| virtual_private_cloud | Virtual Private Cloud | protect | minimal | T1570 | Lateral Tool Transfer |
Comments
VPC security perimeters can segment private resources to deny ingress and egress traffic based on organizational policies. Because this tool does not prevent attacks from valid accounts or compromised machines, it was scored as minimal.
References
|