MITRE Releases First Final Version of Engage Deception Framework

The MITRE building is seen in McLean, Virginia in 2017. (Antony-22, CC BY-SA 4.0 via Wikimedia Commons)

MITRE released the first official version of its Engage deception framework on Monday after eight months in public beta. The finalized version 1.0 is friendlier to inexperienced users, less dependent on a strategy matrix and more refined in its language.

“When we started, we had every intention of releasing our V1 in the fall of last year. We thought a few people might notice the beta in August when we released it. The beta would be released. V1,” said Maretta Morovitz, Engage Manager at MITRE.

Instead, MITRE heard from more than 100 stakeholders, including 30 organizations and 10 focus groups, with comments ranging from official feedback to people taking to social media.

Engage replaces Shield, MITRE’s first attempt at a deception product. Shield was conceptualized more as a knowledge database, while Engage is designed as a strategy guide. Engage separates the general concept of using fake files or servers into several different potential purposes, including alerting defenders to an attack, slowing attackers as they traverse a network, and providing intelligence on attackers as they go.

In the public beta, which took the form of a policy matrix, MITRE found that many users, new users especially, needed a product that was a little more user-friendly. The matrix remains at the heart of the product, but there are now five other areas on the website that defenders can engage with.

There was a minor restructuring of the matrix along the way. The idea of threat modeling is no longer treated as a single activity and is now split between business threat modeling and adversary threat modeling.

MITRE has also tweaked the language to make sense globally, rather than just in its East Coast U.S. offices.

“It turned out that the Europeans didn’t know what a ‘hotwash’ was,” Morovitz said.

Deception is becoming a strategic concept. MITRE worked with vendors in the nascent field to explain how their products fit the Engage framework. Many have developed the products with wired deception aspects, without so much focus on the other strategic advantages they can bring. Morovitz believes that commercially available technologies can often be used in more ways than their makers currently market.

On the other hand, she also thinks that smaller companies and less experienced defenders may be underestimating what they could accomplish with free canary tokens and open source honeypots: it doesn’t have to be a million-dollar business.

But the biggest conceptual hurdle MITRE faces with potential users is the belief that the use of deception in cyber defense is somehow cheating or less honorable than other defensive technologies.

“If you go back to history, armies would much rather win on an open battlefield than have a spy or sneak around or cheat. There’s this ingrained thing that when you do that, it’s less of a win,” she said. “It’s shocking to me how many times you say the word deception and people feel like they need their lawyers in the room immediately.”

As the new version of the Engage framework is released, MITRE hopes to build a community around the framework to create more collaboration and support among deception users. This includes incorporating more behavioral research into the craft.

“You have a lot of engineers thinking about this, but we need to bring in behavioral scientists and academic researchers. We’re actually working with researchers and PhD students to figure out how to start engaging this community,” said Morovitz.