Active Defense is a cyber security tactic that attempts to relocate as much of the conflict as possible outside the enterprise. It is a step beyond the Block/Monitor/React cycle most businesses rely on today, and interest in it is growing as businesses tire of beating back attack after attack from faceless adversaries.
But what constitutes an "active" defense? To some people, it means "hacking back" against a presumed attacker. That is the extreme case, and we do not recommend rushing into that posture: there are legal, ethical, and practical concerns to be weighed before acting in that way.
We take a broader view of active defense. To us it covers a range of proactive tactics. It could mean the use of agile, ever-changing IP addresses (where practical), or the use of honeynets, to misdirect and mislead an adversary while gathering vital intelligence about the adversary's methods and intent.
We agree with Dave Dittrich, a researcher at the University of Washington who has been in the vanguard of active defense thinking for over a decade: "Active defense is a continuum of actions that requires a careful assessment of potential legal issues, the range of actions possible, and the selection of actions that are most limited to achieve the objectives." Tellagraff offers a range of advisory positions and technical measures on active defense that can help put you at the forefront of modern cyber strategy, at acceptable risk and cost.