Description
Employ a detonation chamber capability within [Assignment: organization-defined parameters].
Supplemental Guidance
Detonation chambers, also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator requests in the safety of an isolated environment or a virtualized sandbox. Protected and isolated execution environments provide a means of determining whether the associated attachments or applications contain malicious code. While related to the concept of deception nets, the employment of detonation chambers is not intended to maintain a long-term environment in which adversaries can operate and their actions can be observed. Rather, detonation chambers are intended to quickly identify malicious code and either reduce the likelihood that the code is propagated to user environments of operation or prevent such propagation completely.
Changes from Rev 4
No significant title changes from Rev 4.
MITRE ATT&CK Techniques (22)
ATT&CK v16.1Techniques mitigated by this control, mapped via CTID.