Isolate
Definition
The Isolate tactic creates logical or physical barriers in a system that reduce an adversary's opportunities to create further accesses.
Techniques
There are 22 techniques in this category, Isolate.
Name | ID | Definition | Synonyms |
---|---|---|---|
Execution Isolation | D3-EI | Execution Isolation techniques prevent application processes from accessing non-essential system resources, such as memory, devices, or files. | |
- System Call Filtering | D3-SCF | Configuring a kernel to use an allow or deny list to filter kernel API calls. | |
- Executable Allowlisting | D3-EAL | Using a digital signature to authenticate a file before opening. | File Signature Authentication |
- Executable Denylisting | D3-EDL | Blocking the execution of files on a host in accordance with defined application policy rules. | Executable Blacklisting |
- Hardware-based Process Isolation | D3-HBPI | Preventing one process from writing to the memory space of another process through hardware-based address manager implementations. | Virtualization |
- IO Port Restriction | D3-IOPR | Limiting access to computer input/output (IO) ports to restrict unauthorized devices. | |
- Kernel-based Process Isolation | D3-KBPI | Using kernel-level capabilities to isolate processes. | |
- Mandatory Access Control | D3-MAC | Controlling access to local computer system resources with kernel-level capabilities. | |
Network Isolation | D3-NI | Network Isolation techniques prevent network hosts from accessing non-essential system network resources. | |
- Reverse Resolution IP Denylisting | D3-RRID | Blocking a reverse lookup based on the query's IP address value. | Reverse Resolution IP Blacklisting |
- Broadcast Domain Isolation | D3-BDI | Broadcast isolation restricts the number of computers a host can contact on its LAN. | Network Segmentation |
- DNS Allowlisting | D3-DNSAL | Permitting only approved domains and their subdomains to be resolved. | DNS Whitelisting |
- DNS Denylisting | D3-DNSDL | Blocking DNS network traffic based on criteria such as IP address, domain name, or DNS query type. | DNS Blacklisting |
- Encrypted Tunnels | D3-ET | Encrypted encapsulation of routable network traffic. | |
- Email Filtering | D3-EF | Filtering incoming email traffic based on specific criteria. | |
- Network Traffic Filtering | D3-NTF | Restricting network traffic originating from any location. | |
- Forward Resolution Domain Denylisting | D3-FRDDL | Blocking a lookup based on the query's domain name value. | Forward Resolution Domain Blacklisting |
- Forward Resolution IP Denylisting | D3-FRIDL | Blocking a DNS lookup based on the IP address value in its answer. | Forward Resolution IP Blacklisting |
- Inbound Traffic Filtering | D3-ITF | Restricting network traffic originating from untrusted networks destined towards a private host or enclave. | |
- Outbound Traffic Filtering | D3-OTF | Restricting network traffic originating from a private host or enclave destined towards untrusted networks. | |
- Hierarchical Domain Denylisting | D3-HDDL | Blocking the resolution of any subdomain of a specified domain name. | Hierarchical Domain Blacklisting |
- Homoglyph Denylisting | D3-HDL | Blocking DNS queries that are deceptively similar to legitimate domain names. | Homoglyph Blacklisting |
D3FEND™
A knowledge graph of cybersecurity countermeasures