| Name | TL;DR | Techniques | D3FEND Tactic |
|---|---|---|---|
| | Controls access based on user attributes, resource attributes, and environment conditions. | | Execution Isolation (D3-EI), Credential Hardening (D3-CH) |
| | Defines who can access an object and what actions they can perform. | | Execution Isolation (D3-EI) |
| | Locks user accounts after a number of failed login attempts. | | Credential Eviction (D3-CE) |
| | Validates and enforces policies on resources in a K8s cluster. | | Application Hardening (D3-AH) |
| | Assesses and enhances an organization's AI pipeline security posture. | | Application Hardening (D3-AH) |
| | Manages API requests, security, and passes them to back-end services. | | Network Traffic Analysis (D3-NTA), Network Isolation (D3-NI) |
| | A highly secured server used to access and protect internal networks. | | Network Isolation (D3-NI) |
| | Distributes content to users from various global servers to enhance performance. | | Network Isolation (D3-NI), Message Hardening (D3-MH) |
| | Scans cloud setups for compliance and security best practices. | | Platform Hardening (D3-PH) |
| | Collects and analyzes cloud logs to detect security incidents. | | Process Analysis (D3-PA), User Behavior Analysis (D3-UBA) |
| | Protects data in use by processing it in secure, isolated environments. | | Platform Hardening (D3-PH) |
| | Runs applications in isolated containers sharing an OS kernel. | | Execution Isolation (D3-EI) |
| | Copies and archives data for recovery in case of loss or corruption. | | Restore Object (D3-RO) |
| | Converts data to a coded format readable only with a key. | | Application Hardening (D3-AH) |
| | Obscures sensitive data to protect it while maintaining usability. | | Application Hardening (D3-AH) |
| | Copies data across locations for consistency and reliability. | | Restore Object (D3-RO) |
| | Shields networks from attacks that overwhelm services with traffic. | | Network Traffic Analysis (D3-NTA) |
| | Detection, investigation, and response to cybersecurity incidents. | | Platform Monitoring (D3-PM) |
| | Prevents unauthorized data access, sharing, and leakage. | | |
| | Detects changes in files indicating cyberattacks. | | File Analysis (D3-FA) |
| | Decoy systems designed to attract, hinder, and study threat actors. | | Decoy Environment (D3-DE) |
| | Inspects host and app settings to detect misconfigurations. | Abusing exposed Docker socket, Misconfigured Wordpress abuse, Misconfigured Redis abuse, Misconfigured Docker abuse, Misconfigured DB abuse, Misconfigured Consul abuse, Misconfigured Argo abuse, Misconfigured Apache Hadoop abuse, Jupyter Notebook misconfig abuse, Jupyter Notebook ransomware, cAdvisor abuse, K8s anonymous auth abuse | Application Hardening (D3-AH) |
| | Controls user and machine access to resources within an organization. | | Execution Isolation (D3-EI), Credential Hardening (D3-CH) |
| | Manages cryptographic keys for data security. | | Credential Hardening (D3-CH) |
| | Identifies and mitigates malicious software on systems. | | File Analysis (D3-FA), Identifier Analysis (D3-ID) |
| | Divides networks into segments to improve security and control. | | Network Isolation (D3-NI) |
| | Requires multiple verification methods for access. | | Credential Hardening (D3-CH) |
| | Isolates environments/resources to avoid conflicts and improve security. | | Execution Isolation (D3-EI) |
| | Monitors and controls network traffic based on security rules. | | Network Traffic Analysis (D3-NTA), Network Isolation (D3-NI) |
| | Sets rules for creating and maintaining strong passwords. | | Credential Hardening (D3-CH) |
| | Defines the maximum permissions an entity can have. | | Credential Hardening (D3-CH) |
| | Acts as an intermediary for requests between clients and servers. | | Network Isolation (D3-NI) |
| | Isolates compromised files/systems to limit blast radius. | | Message Analysis (D3-MA), Credential Eviction (D3-CE) |
| | Assigns permissions based on user roles. | | Execution Isolation (D3-EI), Credential Hardening (D3-CH) |
| | Lists components in a software product, enhancing transparency and security. | | File Analysis (D3-FA) |
| | Detects at-risk secrets across an organization's systems. | | File Analysis (D3-FA) |
| | Ensures devices boot only with trusted software. | | Platform Hardening (D3-PH) |
| | Physical/digital keys for multi-factor authentication. | | Credential Hardening (D3-CH) |
| | Identifies and protects sensitive information in systems. | | File Analysis (D3-FA) |
| | Collects and analyzes security data to detect and respond to threats. | | Platform Monitoring (D3-PM) |
| | Allows access to multiple systems with one login. | | Credential Hardening (D3-CH) |
| | Actively searching for threats within a network before they cause harm. | | Platform Monitoring (D3-PM) |
| | Collecting and analyzing data on potential and existing threats. | | Platform Monitoring (D3-PM) |
| | Requires admin approval for system changes. | | Execution Isolation (D3-EI) |
| | Secures connections over the Internet to a private network. | | Network Isolation (D3-NI) |
| | Creates isolated virtual computing resources while sharing hardware. | | Execution Isolation (D3-EI) |
| | Identifies security weaknesses in systems and apps. | | Application Hardening (D3-AH) |
| | Alerts on passwords not meeting security standards. | | Credential Hardening (D3-CH) |
| | Protects web apps by filtering HTTP traffic. | | Network Isolation (D3-NI) |
| | Protects workloads in real time during execution. | | Platform Hardening (D3-PH) |