{"id":2032,"date":"2025-08-01T03:53:34","date_gmt":"2025-08-01T03:53:34","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/08\/01\/cisa-unveils-eviction-strategies-tool-to-aid-incident-response\/"},"modified":"2025-08-01T03:53:34","modified_gmt":"2025-08-01T03:53:34","slug":"cisa-unveils-eviction-strategies-tool-to-aid-incident-response","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/08\/01\/cisa-unveils-eviction-strategies-tool-to-aid-incident-response\/","title":{"rendered":"CISA Unveils Eviction Strategies Tool to Aid Incident Response"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A new tool aimed at streamlining cyber incident response and helping organizations evict adversaries from compromised systems has been released by the US Cybersecurity and Infrastructure Security Agency (CISA).\u00a0<\/p>\n<p>The Eviction Strategies Tool is a\u00a0free resource developed in collaboration with MITRE to support defenders in building rapid, tailored response plans.<\/p>\n<p>Designed with ease of use and speed in mind, the Eviction Strategies Tool allows cyber defenders to craft detailed playbooks for containing and removing threat actors. 
Users can develop plans in minutes using either structured frameworks, such as MITRE ATT&#038;CK, or free-text descriptions of threat behavior.<\/p>\n<p>The tool integrates two key resources:<\/p>\n<ul>\n<li>\n<p>COUN7ER \u2013 a curated database of over 100 post-compromise countermeasures, mapped to known tactics, techniques and procedures (TTPs)<\/p>\n<\/li>\n<li>\n<p>Cyber Eviction Strategies Playbook NextGen\u00a0\u2013 a web-based interface that aligns incident findings with recommended countermeasures<\/p>\n<\/li>\n<\/ul>\n<p>Combined, these components aim to offer cyber teams a clear path to action, supporting decisions with researched, atomic-level guidance for every phase of adversary eviction.<\/p>\n<h2><strong>Practical Benefits for Defenders<\/strong><\/h2>\n<p>CISA emphasized the importance of the tool in addressing long-standing challenges faced by incident responders.<\/p>\n<p>\u201cHow an organization approaches remediation and eviction of an incident is critically important to a successful response effort,\u201d\u00a0said Jermaine Roebuck, associate director for threat hunting at CISA.<\/p>\n<p>\u201cThis tool will level the playing field by making it easier for IT staff and cyber defenders to coordinate efforts and achieve a successful eviction.\u201d<\/p>\n<p>Key capabilities include:<\/p>\n<ul>\n<li>\n<p>Exporting plans in formats such as JSON, Word, Excel and markdown<\/p>\n<\/li>\n<li>\n<p>Integrating knowledge from frameworks like MITRE D3FEND<\/p>\n<\/li>\n<li>\n<p>Offering open-source access under the MIT License<\/p>\n<\/li>\n<\/ul>\n<p>CISA is inviting public and private sector organizations to incorporate the tool into their incident response workflows and provide feedback via an anonymous survey.<\/p>\n<p>The agency said the launch of the Eviction Strategies Tool marks a strategic step in enhancing nationwide 
cyber-resilience, particularly against state-sponsored actors like Volt Typhoon and APT29.<\/p>\n<p>By lowering the barrier to effective response planning, CISA hopes to help organizations reduce dwell time of attackers, limit damage and strengthen their overall defense posture.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A new tool aimed at streamlining cyber incident response and helping organizations evict adversaries from compromised systems has been released by the US Cybersecurity and Infrastructure Security Agency (CISA).\u00a0 The Eviction Strategies Tool is a\u00a0free resource developed in collaboration with MITRE to support defenders in building rapid, tailored response plans. Designed with ease of use<\/p>\n","protected":false},"author":2,"featured_media":2033,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"mo
renews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2032-1693b23b-f329-4830-bf28-699eac82f42a-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2032"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2032\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2033"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2032"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}