Proactive security: Integrating active defense in cybersecurity

1 Summary

Defense in depth, perimeter security, and endpoint protection have been the focus of the security industry for more than a decade. But now, with falling detection rates, the weight is shifting toward improving proactive attack detection and response capabilities: identifying the adversary and raising the cost to attackers, with next-gen security tools designed to combat targeted cyberattacks by leveraging heuristics, big data analytics, and threat intelligence.

This report will explain what active defense means in the cybersecurity-defense context, how the term and approach evolved from the military to the civilian world, and how you and your organization can leverage this approach to take back the initiative and gain an advantage over committed and sophisticated adversaries. The clear message to security professionals is to start using active defenses and stop being the low-hanging fruit.

Some of the other key takeaways of this report are:

  • To combat advanced persistent threats (APTs), corporations are turning to active defense in the cyberworld. This does not, however, imply hacking back, violating laws, gaining access to users’ computers, or deploying defense as seen from the past military perspective.
  • Active defense preempts data breaches, identifies what the attackers are out to get, and makes it harder for them to get what they need.
  • Real-time intrusion detection focuses on detecting the attacker’s techniques and essential mission objectives rather than detecting dynamic technical indicators after the compromise has already happened.
  • Defense options run the gamut from sinkholing the attacks to identifying the adversary’s IP and location with crafted “call home” documents.

Feature image courtesy Flickr user robmcm