{"description": "Enterprise techniques mitigated by Remote Data Storage, ATT&CK mitigation M1029 (v1.1)", "name": "Remote Data Storage (M1029)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1119", "comment": "Encryption and off-system storage of sensitive information may be one way to mitigate collection of files, but may not stop an adversary from acquiring the information if an intrusion persists over a long period of time and the adversary is able to discover and access the data through other means.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1565", "comment": "Consider implementing IT disaster recovery plans that contain procedures for taking regular data backups that can be used to restore organizational data.(Citation: Ready.gov IT DRP) Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and manipulate backups.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1565.001", "comment": "Consider implementing IT disaster recovery plans that contain procedures for taking regular data backups that can be used to restore organizational data.(Citation: Ready.gov IT DRP) Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and manipulate backups.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1685", "showSubtechniques": true}, {"techniqueID": "T1685.005", "comment": "Automatically forward events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1685.006", "comment": "Automatically forward events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070", "comment": "Automatically forward events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system. ", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1070.003", "comment": "Forward logging of historical data to remote data store and centralized logging solution to preserve historical command line log data.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070.007", "comment": "Automatically forward events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070.008", "comment": "Automatically forward mail data and events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system. ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070.009", "comment": "Automatically forward events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system. ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1072", "comment": "If the application deployment system can be configured to deploy only signed binaries, then ensure that the trusted signing certificates are not co-located with the application deployment system and are instead located on a system that cannot be accessed remotely or to which remote access is tightly controlled.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Remote Data Storage", "color": "#66b1ff"}]}