Enterprise Mitigations

Mitigations: 11
ID Name Description
VM0010 Application Developer Guidance This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.
VM0002 Application Isolation and Sandboxing Restrict execution of code to a virtual environment on or in transit to an endpoint system.
VM0007 Boot Integrity Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.
VM0003 Exploit Protection Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
VM0004 Network Segmentation Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.
VM0011 Pre-compromise This category refers to any applicable mitigation activities that apply to techniques used by adversaries before gaining Initial Access, such as Reconnaissance and Resource Development techniques.
VM0005 Privileged Account Management Manage the creation, modification, use, and permissions associated with privileged accounts, including SYSTEM and root.
VM0012 SSH Protect
  • Disable password-authentication and implement private-public key cryptography.
  • Discover all SSH machine identities in the environment, who they belong to and what they are used for.
  • Control SSH identities and authorized keys.
  • Control SSH configuration files and known hosts files to prevent any tampering.
  • Implement clearly defined SSH key management policies.
  • Define SSH hardening configurations.
  • Create key inventory and remediation policy.
  • Establish continuous monitoring and audit process.
  • Automate the SSH machine identity lifecycle.
  • Create an Incident Response playbook for InfoSec and risk teams.

VM0006 Update Software Perform regular software updates to mitigate exploitation risk.
VM0008 Update Software Perform regular software updates to mitigate exploitation risk.
VM0009 Vulnerability Scanning Vulnerability scanning is used to find potentially exploitable software vulnerabilities so that they can be remediated.