Browse Definitions :
Definition

active defense

Contributor(s): Carolyn Crandall

An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult to carry out. Slowing down or derailing the attacker so they cannot advance or complete their attack increases the probability that they will make a mistake and expose their presence or reveal their attack vector.

While the term active defense is often associated with military applications and protecting critical infrastructure and key resources (CIKR), it also applies to information technology (IT) security. In cybersecurity, an active defense raises the financial cost of an attack in terms of wasting the attacker's processing power and time. Applying offense-driven strategies is critical to being able to detect and stop not only external threat actors, but also insiders and attackers with varying motivations including ransomware, extortion and cryptojacking .

An active defense complements offense-driven actions and allows an organization to proactively detect and derail attacks early and gather the threat intelligence required to understand the attack and prevent a similar recurrence. Sometimes active defense includes striking back at an attacker, but this is normally reserved for military and law enforcement that have the resources and authority to confirm attribution and take appropriate action.

Deception technology can be used to detect an attacker early on in the attack cycle by obfuscating the attack surface with realistic device decoys and attractive digital bait. Misdirection can trick the attacker into engaging and lead them to believe they are escalating their attack, when in fact, they are wasting their time and processing power and providing the defender with counterintelligence. The forensic information gathered through an active defense can then be applied to defense strategies and stop a live attack, identify forensic artifacts and expedite incident response to prevent the attack from resurfacing.

This was last updated in May 2018

Continue Reading About active defense

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What are your thoughts on using an active defense system on a private network?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

SearchSecurity

  • certificate authority (CA)

    A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically...

  • hacktivism

    Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.

  • advanced persistent threat (APT)

    An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and ...

SearchHealthIT

  • Cerner Corp.

    Cerner Corp. is a public company in North Kansas City, Mo., that provides various health information technologies, ranging from ...

  • clinical decision support system (CDSS)

    A clinical decision support system (CDSS) is an application that analyzes data to help healthcare providers make decisions and ...

  • Health IT (health information technology)

    Health IT (health information technology) is the area of IT involving the design, development, creation, use and maintenance of ...

SearchDisasterRecovery

  • tabletop exercise (TTX)

    A tabletop exercise (TTX) is a disaster preparedness activity that takes participants through the process of dealing with a ...

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a data center.

  • ransomware recovery

    Ransomware recovery is the process of resuming options following a cyberattack that demands payment in exchange for unlocking ...

SearchStorage

  • SSD (solid-state drive)

    An SSD (solid-state drive) is a type of nonvolatile storage media that stores persistent data on solid-state flash memory.

  • file system

    In a computer, a file system -- sometimes written filesystem -- is the way in which files are named and where they are placed ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close