Isolate
Definition
The isolate tactic creates logical or physical barriers in a system that reduce opportunities for adversaries to create further accesses.
Techniques
There are 38 techniques in this category, Isolate.
Name | ID | Definition | Synonyms |
---|---|---|---|
Access Mediation | D3-AMED | Access mediation is the process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., Federal buildings, military establishments, border crossing entrances). | Access Control |
- Network Access Mediation | D3-NAM | Network access mediation is the control method for authorizing access to a system by a user (or a process acting on behalf of a user) communicating through a network, including a local area network, a wide area network, and the Internet. | Network Access Control |
- Network Resource Access Mediation | D3-NRAM | Control of access to organizational systems and services by users or processes over a network. | Remote Access Control |
- System Call Filtering | D3-SCF | Controlling access to local computer system resources with kernel-level capabilities. | System Call Control |
- LAN Access Mediation | D3-LAMED | LAN access mediation encompasses the application of strict access control policies, systematic verification of devices, and authentication mechanisms to govern connectivity to a Local Area Network. | |
- Remote File Access Mediation | D3-RFAM | Remote file access mediation is the process of managing and securing access to file systems over a network to ensure that only authorized users or processes can interact with remote files. | File Share Access Mediation |
- Routing Access Mediation | D3-RAM | Routing access mediation is a network security approach that manages and controls access at the network layer using VPNs, tunneling protocols, firewall rules, and traffic inspection to ensure secure and efficient data routing. | |
- Web Session Access Mediation | D3-WSAM | Web session access mediation secures user sessions in web applications by employing robust authentication and integrity validation, along with adaptive threat mitigation techniques, to ensure that access to web resources is authorized and protected from session-related attacks. | |
- Credential Transmission Scoping | D3-CTS | Limiting the transmission of a credential to a scoped set of relying parties. | Phishing Resistant Authentication |
- Local File Access Mediation | D3-LFAM | Restricting access to a local file by configuring operating system functionality. | Local File Access Control |
- IO Port Restriction | D3-IOPR | Limiting access to computer input/output (IO) ports to restrict unauthorized devices. | |
- Endpoint-based Web Server Access Mediation | D3-EBWSAM | Endpoint-based web server access mediation regulates web server access directly from user endpoints by implementing mechanisms such as client-side certificates and endpoint security software to authenticate devices and ensure compliant access. | |
- Proxy-based Web Server Access Mediation | D3-PBWSAM | Proxy-based web server access mediation focuses on the regulation of web server access through intermediary proxy servers. | |
- Physical Access Mediation | D3-PAM | Physical access mediation is the process of granting or denying specific requests to enter specific physical facilities (e.g., Federal buildings, military establishments, border crossing entrances). | Physical Access Control |
Access Policy Administration | D3-APA | Access policy administration is the systematic process of defining, implementing, and managing access control policies that dictate user permissions to resources. | Access Control Administration |
- User Account Permissions | D3-UAP | Restricting a user account's access to resources. | |
- Domain Trust Policy | D3-DTP | Restricting inter-domain trust by modifying domain configuration. | |
- Local File Permissions | D3-LFP | Restricting access to a local file by configuring operating system functionality. | |
Execution Isolation | D3-EI | Execution Isolation techniques prevent application processes from accessing non-essential system resources, such as memory, devices, or files. | |
- Executable Allowlisting | D3-EAL | Using a digital signature to authenticate a file before opening. | File Signature Authentication |
- Executable Denylisting | D3-EDL | Blocking the execution of files on a host in accordance with defined application policy rules. | Executable Blacklisting |
- Hardware-based Process Isolation | D3-HBPI | Preventing one process from writing to the memory space of another process through hardware-based address manager implementations. | Virtualization |
- Kernel-based Process Isolation | D3-KBPI | Using kernel-level capabilities to isolate processes. | |
- Application-based Process Isolation | D3-ABPI | Application code which prevents its own subroutines from accessing intra-process / internal memory space. | Browser-based Process Isolation, Remote Browser Isolation, and Sandbox |
Network Isolation | D3-NI | Network Isolation techniques prevent network hosts from accessing non-essential system network resources. | |
- Reverse Resolution IP Denylisting | D3-RRID | Blocking a reverse lookup based on the query's IP address value. | Reverse Resolution IP Blacklisting |
- Email Filtering | D3-EF | Filtering incoming email traffic based on specific criteria. | |
- Broadcast Domain Isolation | D3-BDI | Broadcast isolation restricts the number of computers a host can contact on their LAN. | Network Segmentation |
- DNS Allowlisting | D3-DNSAL | Permitting only approved domains and their subdomains to be resolved. | DNS Whitelisting |
- DNS Denylisting | D3-DNSDL | Blocking DNS Network Traffic based on criteria such as IP address, domain name, or DNS query type. | DNS Blacklisting |
- Encrypted Tunnels | D3-ET | Encrypted encapsulation of routable network traffic. | |
- Forward Resolution Domain Denylisting | D3-FRDDL | Blocking a lookup based on the query's domain name value. | Forward Resolution Domain Blacklisting |
- Forward Resolution IP Denylisting | D3-FRIDL | Blocking a DNS lookup's answer's IP address value. | Forward Resolution IP Blacklisting |
- Inbound Traffic Filtering | D3-ITF | Restricting network traffic originating from untrusted networks destined towards a private host or enclave. | |
- Network Traffic Filtering | D3-NTF | Restricting network traffic originating from any location. | |
- Outbound Traffic Filtering | D3-OTF | Restricting network traffic originating from a private host or enclave destined towards untrusted networks. | |
- Hierarchical Domain Denylisting | D3-HDDL | Blocking the resolution of any subdomain of a specified domain name. | Hierarchical Domain Blacklisting |
- Homoglyph Denylisting | D3-HDL | Blocking DNS queries that are deceptively similar to legitimate domain names. | Homoglyph Blacklisting |
D3FEND™
A knowledge graph of cybersecurity countermeasures