Liars and Saints: Demystifying Cyber Deception, MITRE Shield, and Active Defense (Part 1)


How MITRE Shield has turned cyber deception technology into a business imperative to deny a contested network to adversaries.


Introduction


Just when you began to fully wrap your head around the MITRE ATT&CK framework, MITRE went and published a brand new framework for you to understand, called MITRE Shield.


Have you seen MITRE Shield mentioned in a recent publication or heard about it in a vendor pitch, but were too embarrassed to ask what the heck it was? Don't understand deception technology and what its relevance to MITRE Shield is? You aren't alone. With Shield in its infancy, there's still much to be written and understood about this new framework and the concept it's founded upon: active defense.


This is part 1 in a series of articles I'm publishing on MITRE Shield, active defense, and how cyber deception technology fits into this narrative.


But first...


Who is MITRE?


MITRE is a non-profit with beginnings in 1958 whose mission was to support U.S. government agencies through research and development. MITRE was the brainchild of the late Robert Everett and today has grown to manage federally funded research and development centers (FFRDCs) based in Bedford, MA and McLean, VA.


In short, FFRDCs are public-private partnerships that conduct research for the U.S. government on specific issues of national security, technology, and other challenges. That research has resulted in advances in radar, aircraft, computing, and, most famously, the development of nuclear weapons.


MITRE gained significant popularity as a "household name" in cybersecurity in 2013 when it announced its new MITRE ATT&CK framework, which today has become the litmus test that cybersecurity vendors align their products to and that defenders use to perform gap analysis of their cybersecurity controls. Today, ATT&CK has become a center of gravity both for vendors deciding how to position their cybersecurity products and for defenders instrumenting effective defenses against adversarial tactics, techniques, and procedures (TTPs).