Browse Definitions :
Definition

active defense

An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult to carry out. Slowing down or derailing the attacker so they cannot advance or complete their attack increases the probability that they will make a mistake and expose their presence or reveal their attack vector.

While the term active defense is often associated with military applications and protecting critical infrastructure and key resources (CIKR), it also applies to information technology (IT) security. In cybersecurity, an active defense raises the financial cost of an attack in terms of wasting the attacker's processing power and time. Applying offense-driven strategies is critical to being able to detect and stop not only external threat actors, but also insiders and attackers with varying motivations including ransomware, extortion and cryptojacking .

An active defense complements offense-driven actions and allows an organization to proactively detect and derail attacks early and gather the threat intelligence required to understand the attack and prevent a similar recurrence. Sometimes active defense includes striking back at an attacker, but this is normally reserved for military and law enforcement that have the resources and authority to confirm attribution and take appropriate action.

Deception technology can be used to detect an attacker early on in the attack cycle by obfuscating the attack surface with realistic device decoys and attractive digital bait. Misdirection can trick the attacker into engaging and lead them to believe they are escalating their attack, when in fact, they are wasting their time and processing power and providing the defender with counterintelligence. The forensic information gathered through an active defense can then be applied to defense strategies and stop a live attack, identify forensic artifacts and expedite incident response to prevent the attack from resurfacing.

This was last updated in May 2018

Continue Reading About active defense

SearchCompliance
  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

SearchSecurity
  • social engineering

    Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into ...

  • distributed denial-of-service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a ...

  • password cracking

    Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or ...

SearchHealthIT
SearchDisasterRecovery
  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

SearchStorage
  • storage security

    Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted ...

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud data management

    Cloud data management is a way to manage data across cloud platforms, either with or instead of on-premises storage.

Close