Isolate
Definition
The Isolate tactic creates logical or physical barriers in a system, which reduce the opportunities for adversaries to gain further access.
Techniques
There are 52 techniques in this category, Isolate.
Name | ID | Definition | Synonyms |
---|---|---|---|
Access Mediation | D3-AMED | Access mediation is the process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., Federal buildings, military establishments, border crossing entrances). | Access Control |
- Physical Access Mediation | D3-PAM | Physical access mediation is the process of granting or denying specific requests to enter specific physical facilities (e.g., Federal buildings, military establishments, border crossing entrances). | Physical Access Control |
- Network Access Mediation | D3-NAM | Network access mediation is the control method for authorizing access to a system by a user (or a process acting on behalf of a user) communicating through a network, including a local area network, a wide area network, and the Internet. | Network Access Control |
- Network Resource Access Mediation | D3-NRAM | Control of access to organizational systems and services by users or processes over a network. | Remote Access Control |
- Local File Access Mediation | D3-LFAM | Local file access mediation is the process of an operating system granting or denying a specific access request to a local file. | Local File Access Control |
- System Call Filtering | D3-SCF | Controlling access to local computer system resources with kernel-level capabilities. | System Call Control |
- LAN Access Mediation | D3-LAMED | LAN access mediation encompasses the application of strict access control policies, systematic verification of devices, and authentication mechanisms to govern connectivity to a Local Area Network. | |
- Remote File Access Mediation | D3-RFAM | Remote file access mediation is the process of managing and securing access to file systems over a network to ensure that only authorized users or processes can interact with remote files. | File Share Access Mediation |
- Routing Access Mediation | D3-RAM | Routing access mediation is a network security approach that manages and controls access at the network layer using VPNs, tunneling protocols, firewall rules, and traffic inspection to ensure secure and efficient data routing. | |
- Web Session Access Mediation | D3-WSAM | Web session access mediation secures user sessions in web applications by employing robust authentication and integrity validation, along with adaptive threat mitigation techniques, to ensure that access to web resources is authorized and protected from session-related attacks. | |
- Endpoint-based Web Server Access Mediation | D3-EBWSAM | Endpoint-based web server access mediation regulates web server access directly from user endpoints by implementing mechanisms such as client-side certificates and endpoint security software to authenticate devices and ensure compliant access. | |
- Proxy-based Web Server Access Mediation | D3-PBWSAM | Proxy-based web server access mediation focuses on the regulation of web server access through intermediary proxy servers. | |
- IO Port Restriction | D3-IOPR | Limiting access to computer input/output (IO) ports to restrict unauthorized devices. | |
- Credential Transmission Scoping | D3-CTS | Limiting the transmission of a credential to a scoped set of relying parties. | Phishing Resistant Authentication |
Access Policy Administration | D3-APA | Access policy administration is the systematic process of defining, implementing, and managing access control policies that dictate user permissions to resources. | Access Control Administration |
- User Account Permissions | D3-UAP | Restricting a user account's access to resources. | |
- Domain Trust Policy | D3-DTP | Restricting inter-domain trust by modifying domain configuration. | |
- Local File Permissions | D3-LFP | Local file permissions is the systematic process of defining, implementing, and managing access control policies that dictate user permissions for accessing files on a local system through the configuration of operating system functionality. | |
Content Filtering | D3-CF | Content Filtering techniques aid in the process of analyzing an input file for malicious or erroneous content and outputting a sanitized version. | |
- Content Modification | D3-CM | Modify content that does not comply with policy. | |
- Content Quarantine | D3-CQ | Transfer content that does not comply with policy to a quarantine zone. | |
- Content Validation | D3-CV | Verify and validate that content complies with policy. | |
- File Format Verification | D3-FFV | Verifying that a file conforms to its expected format specifications. | |
- Content Excision | D3-CNE | Removing specific, potentially malicious, parts of content. | |
- Content Format Conversion | D3-CFC | Content format conversion is mechanical transformation from one format to another which may be normalization or specifically flattening. | |
- Content Rebuild | D3-CNR | Rebuild the file according to the spec so any unreferenced components or objects are removed. | Content Reconstruction |
- Content Substitution | D3-CNS | Modifies specific digital content information by replacing it with something else. | |
- File Content Decompression Checking | D3-FCDC | Checking if compressed or encoded data sections can be successfully decompressed or decoded. This can be followed by further analysis using semantic knowledge. | |
- File Internal Structure Verification | D3-FISV | The process of checking specific static values within a file, such as file signatures or magic numbers, to ensure they match the expected values defined by the file format specification. | |
- File Metadata Consistency Validation | D3-FMCV | The process of validating the consistency between a file's metadata and its actual content, ensuring that elements like declared lengths, pointers, and checksums accurately describe the file's content. | |
- File Metadata Value Verification | D3-FMVV | The process of checking specific static values within a file, such as file signatures or magic numbers, to ensure they match the expected values defined by the file format specification. | |
- File Magic Byte Verification | D3-FMBV | Utilizing the magic number to verify the file. | |
Execution Isolation | D3-EI | Execution Isolation techniques prevent application processes from accessing non-essential system resources, such as memory, devices, or files. | |
- Application-based Process Isolation | D3-ABPI | Application code which prevents its own subroutines from accessing intra-process / internal memory space. | Browser-based Process Isolation, Remote Browser Isolation, and Sandbox |
- Executable Allowlisting | D3-EAL | Using a digital signature to authenticate a file before opening. | File Signature Authentication |
- Executable Denylisting | D3-EDL | Blocking the execution of files on a host in accordance with defined application policy rules. | Executable Blacklisting |
- Hardware-based Process Isolation | D3-HBPI | Preventing one process from writing to the memory space of another process through hardware based address manager implementations. | Virtualization |
- Kernel-based Process Isolation | D3-KBPI | Using kernel-level capabilities to isolate processes. | |
Network Isolation | D3-NI | Network Isolation techniques prevent network hosts from accessing non-essential system network resources. | |
- Reverse Resolution IP Denylisting | D3-RRID | Blocking a reverse lookup based on the query's IP address value. | Reverse Resolution IP Blacklisting |
- Email Filtering | D3-EF | Filtering incoming email traffic based on specific criteria. | |
- DNS Denylisting | D3-DNSDL | Blocking DNS Network Traffic based on criteria such as IP address, domain name, or DNS query type. | DNS Blacklisting |
- Encrypted Tunnels | D3-ET | Encrypted encapsulation of routable network traffic. | |
- Network Traffic Filtering | D3-NTF | Restricting network traffic originating from any location. | |
- Forward Resolution Domain Denylisting | D3-FRDDL | Blocking a lookup based on the query's domain name value. | Forward Resolution Domain Blacklisting |
- Forward Resolution IP Denylisting | D3-FRIDL | Blocking a DNS lookup's answer's IP address value. | Forward Resolution IP Blacklisting |
- Inbound Traffic Filtering | D3-ITF | Restricting network traffic originating from untrusted networks destined towards a private host or enclave. | |
- Outbound Traffic Filtering | D3-OTF | Restricting network traffic originating from a private host or enclave destined towards untrusted networks. | |
- Hierarchical Domain Denylisting | D3-HDDL | Blocking the resolution of any subdomain of a specified domain name. | Hierarchical Domain Blacklisting |
- Homoglyph Denylisting | D3-HDL | Blocking DNS queries that are deceptively similar to legitimate domain names. | Homoglyph Blacklisting |
- Broadcast Domain Isolation | D3-BDI | Broadcast isolation restricts the number of computers a host can contact on its LAN. | Network Segmentation |
- DNS Allowlisting | D3-DNSAL | Permitting only approved domains and their subdomains to be resolved. | DNS Whitelisting |
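The Content Filtering techniques above are defined abstractly; the following added example (written for this page, not code from D3FEND) shows what several of them look like for one concrete format, PNG. It implements magic byte verification (D3-FMBV), metadata value verification of the IHDR chunk (D3-FMVV), metadata consistency validation of declared chunk lengths and CRCs (D3-FMCV), decompression checking of the IDAT stream against the dimensions the header claims (D3-FCDC), and a content rebuild that re-emits only critical chunks (D3-CNR). The sample PNG is constructed in memory by `make_png`; the 64 MiB decompression cap and the decision to keep only the four critical chunk types are assumed policy choices, not something the table specifies.

```python
"""Content-filtering checks for PNG input (added example, not D3FEND code)."""
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLES = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}        # samples per pixel, by PNG color type
CRITICAL = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}  # chunk types a rebuild keeps (assumed policy)
MAX_RAW = 64 * 1024 * 1024                        # cap on decompressed output (assumed policy)


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk: big-endian length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width, height, extra=(), declared_width=None, idat=None):
    """Constructed sample: an 8-bit RGB PNG. declared_width lets a caller make the
    IHDR lie about the image size; idat substitutes an arbitrary IDAT payload."""
    ihdr_width = width if declared_width is None else declared_width
    ihdr = struct.pack(">IIBBBBB", ihdr_width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x10\x20\x30" * width for _ in range(height))  # filter 0 + pixels
    chunks = [chunk(b"IHDR", ihdr)] + [chunk(t, d) for t, d in extra]
    chunks += [chunk(b"IDAT", idat if idat is not None else zlib.compress(raw)), chunk(b"IEND", b"")]
    return PNG_MAGIC + b"".join(chunks)


def parse_chunks(buf: bytes):
    """Walk the chunk list after the signature, checking that every declared length
    fits the buffer and every CRC matches (D3-FMCV). Returns (chunks, findings);
    parsing stops at the first structural break."""
    chunks, findings, pos = [], [], len(PNG_MAGIC)
    while pos < len(buf):
        if len(buf) - pos < 12:
            findings.append("truncated chunk header")
            break
        length = struct.unpack(">I", buf[pos:pos + 4])[0]
        ctype = buf[pos + 4:pos + 8]
        if not ctype.isalpha():
            findings.append(f"invalid chunk type {ctype!r}")
            break
        if pos + 12 + length > len(buf):
            findings.append(f"{ctype.decode()} declares {length} bytes, only {len(buf) - pos - 12} remain")
            break
        data = buf[pos + 8:pos + 8 + length]
        declared_crc = struct.unpack(">I", buf[pos + 8 + length:pos + 12 + length])[0]
        if declared_crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            findings.append(f"CRC mismatch in {ctype.decode()}")
        chunks.append((ctype, data))
        pos += 12 + length
    return chunks, findings


def check_png(buf: bytes) -> list:
    """Return policy findings; an empty list means the file passed every check."""
    if buf[:8] != PNG_MAGIC:                                                # D3-FMBV
        return ["magic bytes do not match PNG signature"]
    chunks, findings = parse_chunks(buf)
    if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:    # D3-FMVV
        return findings + ["first chunk is not a 13-byte IHDR"]
    if chunks[-1][0] != b"IEND" or chunks[-1][1]:
        findings.append("file does not end with an empty IEND chunk")
    width, height, depth, color = struct.unpack(">IIBB", chunks[0][1][:10])
    if depth != 8 or color not in SAMPLES:
        return findings + [f"unsupported bit depth/color type {depth}/{color}"]
    idat = b"".join(d for t, d in chunks if t == b"IDAT")
    d = zlib.decompressobj()
    try:                                                                     # D3-FCDC
        raw = d.decompress(idat, MAX_RAW)   # capped so a decompression bomb cannot exhaust memory
    except zlib.error as exc:
        return findings + [f"IDAT does not decompress: {exc}"]
    if d.unconsumed_tail or not d.eof:
        return findings + ["IDAT stream incomplete or larger than cap"]
    expected = height * (1 + width * SAMPLES[color])   # one filter byte plus pixels per scanline
    if len(raw) != expected:
        findings.append(f"decompressed {len(raw)} bytes, IHDR implies {expected}")
    return findings


def rebuild_png(buf: bytes) -> bytes:
    """D3-CNR: re-emit only critical chunks, so ancillary payloads (tEXt, ...) are dropped."""
    chunks, _ = parse_chunks(buf)
    return PNG_MAGIC + b"".join(chunk(t, d) for t, d in chunks if t in CRITICAL)
```

`check_png` is deliberately a list of findings rather than a boolean: a quarantine (D3-CQ) decision usually wants the reason recorded, and a CRC mismatch in an ancillary chunk is a different risk from an IDAT stream whose decompressed size disagrees with the header. `rebuild_png` is the Content Rebuild step: it does not try to repair a bad file, it re-serializes the parts the specification requires and discards everything else.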
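The DNS rows under Network Isolation describe several distinct decision points in a resolver, and the order in which they are applied matters (a hierarchical denylist should not be reachable by a domain that merely contains the denied string; an allowlist should be consulted after the denylists). The following added example (written for this page, not D3FEND code) applies DNS query-type denylisting (D3-DNSDL), Hierarchical Domain Denylisting (D3-HDDL), Forward Resolution Domain Denylisting (D3-FRDDL), Homoglyph Denylisting (D3-HDL), DNS Allowlisting (D3-DNSAL) and Forward Resolution IP Denylisting (D3-FRIDL) to one query and its answers. The confusable-character table is a small assumed subset (a real filter would use the Unicode confusables data), the registrable domain is approximated as the last two labels rather than looked up in a public-suffix list, and all names and addresses are constructed from documentation ranges.

```python
"""Resolver-side DNS policy (added example, not D3FEND code)."""
import ipaddress
import unicodedata
from dataclasses import dataclass, field

# Assumed confusable map: digits and Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "ı": "i", "а": "a", "е": "e", "о": "o", "р": "p",
    "с": "c", "х": "x", "у": "y", "ӏ": "l",
})


@dataclass
class Policy:
    deny_qtypes: set = field(default_factory=set)   # D3-DNSDL: e.g. {"ANY"}
    hier_deny: set = field(default_factory=set)     # D3-HDDL: a domain and every subdomain
    exact_deny: set = field(default_factory=set)    # D3-FRDDL: this exact name only
    protected: set = field(default_factory=set)     # D3-HDL: registrable domains to defend
    allow: set = field(default_factory=set)         # D3-DNSAL: empty means no allowlist
    ip_deny: list = field(default_factory=list)     # D3-FRIDL: CIDR strings for blocked answers


def to_ascii(name: str) -> str:
    """Encode a Unicode name the way it appears in a query (IDNA / punycode)."""
    return name.encode("idna").decode("ascii")


def to_unicode(name: str) -> str:
    """Decode punycode labels so the homoglyph check sees the rendered characters."""
    ascii_name = name.rstrip(".").lower()
    try:
        return ascii_name.encode("ascii").decode("idna")
    except UnicodeError:
        return ascii_name   # not a wire-format name, or malformed punycode: compare as-is


def skeleton(label: str) -> str:
    """Reduce a name to its look-alike form: strip accents, fold confusables."""
    base = "".join(c for c in unicodedata.normalize("NFKD", label) if not unicodedata.combining(c))
    return base.translate(CONFUSABLES)


def registrable(name: str) -> str:
    """Assumed heuristic: the registrable domain is the last two labels."""
    return ".".join(name.split(".")[-2:])


def under(name: str, domain: str) -> bool:
    """True if name is domain itself or any subdomain of it (label-aligned)."""
    return name == domain or name.endswith("." + domain)


def decide(qname: str, qtype: str, answers: list, policy: Policy) -> tuple:
    """Return ("BLOCK", reason) or ("ALLOW", "") for one query and its answer IPs."""
    if qtype.upper() in policy.deny_qtypes:
        return "BLOCK", f"query type {qtype.upper()} denied"
    name = qname.rstrip(".").lower()
    for d in policy.hier_deny:                                   # D3-HDDL
        if under(name, d):
            return "BLOCK", f"hierarchical denylist: {d}"
    if name in policy.exact_deny:                                # D3-FRDDL
        return "BLOCK", f"exact denylist: {name}"
    reg = registrable(name)
    shown = skeleton(registrable(to_unicode(name)))
    for brand in policy.protected:                               # D3-HDL
        if reg != brand and shown == skeleton(brand):
            return "BLOCK", f"homoglyph of {brand}"
    if policy.allow and not any(under(name, d) for d in policy.allow):   # D3-DNSAL
        return "BLOCK", "not on allowlist"
    for ip in answers:                                           # D3-FRIDL
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(net) for net in policy.ip_deny):
            return "BLOCK", f"answer {ip} in denied network"
    return "ALLOW", ""
```

Two details are worth noting. `under` matches on label boundaries, so a hierarchical denylist entry for `evil.example` blocks `a.b.evil.example` but not `evil.example.org`, which is the distinction between D3-HDDL and a substring match. The homoglyph check decodes punycode first: a query arrives as `xn--...`, and only after IDNA decoding does `ex\u0430mple.com` (Cyrillic а) fold to the same skeleton as `example.com`.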
D3FEND™
A knowledge graph of cybersecurity countermeasures