CAF Outcome C2.b: Proactive Attack Discovery

You use an informed understanding of more sophisticated attack methods and of normal system behaviour to monitor proactively for malicious activity.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

C2.b: Proactive Attack Discovery to CSF mappings generated from UK Cabinet Office table.

Search:

Control ID	Description
DE.CM-4	Malicious code is detected
DE.CM-5	Unauthorized mobile code is detected

Showing 1 to 2 of 2 entries

MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

Establish and document antivirus/malware management procedure (4.3.4.3.8)
ISA/IEC 62443-2-1:2009

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Node
SI-8: Spam Protection
SI-3: Malicious Code Protection
SC-18: Mobile Code
SI-4: System Monitoring
SC-44: Detonation Chambers

Showing 1 to 5 of 5 entries

See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.

Search:

ATT&CK ID	Title	Associated Tactics
T1059.006	Python	Execution
T1221	Template Injection	Defense Evasion
T1059.005	Visual Basic	Execution
T1027.010	Command Obfuscation	Defense Evasion
T1027.009	Embedded Payloads	Defense Evasion
T1059	Command and Scripting Interpreter	Execution
T1566	Phishing	Initial Access
T1027.002	Software Packing	Defense Evasion
T1547.006	Kernel Modules and Extensions	Persistence, Privilege Escalation
T1566.003	Spearphishing via Service	Initial Access
T1027	Obfuscated Files or Information	Defense Evasion
T1036.008	Masquerade File Type	Defense Evasion
T1059.001	PowerShell	Execution
T1566.001	Spearphishing Attachment	Initial Access
T1036	Masquerading	Defense Evasion
T1027.012	LNK Icon Smuggling	Defense Evasion
T1080	Taint Shared Content	Lateral Movement

Showing 1 to 17 of 17 entries