Analyst Report: Proactive security: Integrating active defense in cybersecurity

Analysis

Defense in depth, perimeter security, and endpoint protection have been the focus of the security industry for more than a decade. With detection rates for targeted attacks falling, the emphasis is shifting toward proactive attack detection and response: identifying the adversary and raising the attacker's cost, using a newer generation of security tools that combine heuristics, large-scale data analytics, and threat intelligence to counter targeted cyberattacks.

This report will explain what active defense means in the cybersecurity-defense context, how the term and approach evolved from the military to the civilian world, and how you and your organization can leverage this approach to take back the initiative and gain an advantage over committed and sophisticated adversaries. The clear message to security professionals is to start using active defenses and stop being the low-hanging fruit.

Some of the other key takeaways of this report are:

  • To combat advanced persistent threats (APTs), corporations are turning to active defense in the cyber domain. This does not, however, mean hacking back, breaking the law, gaining access to other people's computers, or importing the older military notion of active defense wholesale.
  • Active defense aims to preempt data breaches by identifying what the attackers are after and making it harder for them to obtain it.
  • Real-time intrusion detection focuses on the attacker's techniques and core mission objectives rather than on volatile technical indicators (hashes, IP addresses) discovered only after the compromise has already happened.
  • Response options run the gamut from sinkholing attacker traffic to identifying the adversary's IP address and approximate location with crafted "call home" decoy documents that beacon when opened.

Feature image courtesy Flickr user robmcm

Table of Contents

  1. Summary
  2. When zero days prevail, traditional security fails: the need for a paradigm shift
  3. Mitigating cyberespionage in the private sector: the new rules of engagement?
    1. Enter active defenses: from military jargon to the civilian world
    2. What does “active defense” mean in the cyberworld?
  4. Active defense for the private sector: industry insights
    1. Detecting intrusions as they happen
    2. Attribution and intelligence in action: focus on identifying the attacker
  5. Active defense: range of response options
    1. Observation, containment, and sandboxing
    2. Intelligence dissemination and collective defense
  6. Examples of technical implementations of active defense in the field
  7. How far is too far: Which response options can be seen as safe and lawful?
    1. Court-approved counter-hacks by an IT administrator after a student used university networks and computers to launch hacking campaigns
    2. FBI vs. Coreflood, Operation Adeona
    3. Microsoft’s takedown of Citadel botnets with FS-ISAC, Operation b54
  8. Final words and key takeaways
  9. About Keren Elazari
  10. About GigaOM Research
