D3FEND Tactics

Name Description
Model The model tactic is used to apply security engineering, vulnerability, threat, and risk analyses to digital systems. This is accomplished by creating and maintaining a common understanding of the systems being defended, the operations on those systems, actors using the systems, and the relationships and interactions between these elements.
Harden The harden tactic is used to increase the opportunity cost of computer network exploitation. Hardening differs from Detection in that it generally is conducted before a system is online and operational.
Detect The detect tactic is used to identify adversary access to or unauthorized activity on computer networks.
Isolate The isolate tactic creates logical or physical barriers in a system which reduces opportunities for adversaries to create further accesses.
Deceive The deceive tactic is used to advertise, entice, and allow potential attackers access to an observed or controlled environment.
Evict The eviction tactic is used to remove an adversary from a computer network.