Active Defense Techniques

In the previous chapter, we were introduced to active defense among numerous other approaches. Now is a good time we explore active defense techniques in detail. These are automated- and human-directed activities that attempt to thwart cyberattacks by increasing the diversity, complexity, or variability of the systems and networks. These limit the attacker’s ability to gather intelligence or reduce the usable life-span of the intelligence. Other approaches focus on gathering intelligence on the attackers, either by attracting attackers to instrumented honeypots or by patrolling the systems and networks to hunt for attackers. The intelligence gathering approaches rely upon cybersecurity personnel using semiautomated techniques to respond and repel attackers. Widely available commercial solutions for active defense so far are lacking. Although general purpose products may emerge, meanwhile organizations need to tailor their applications for available solutions or develop their own customized active defense. A successfully architected system or application should include passive defenses, which add protection without requiring human interaction, as well as active defenses.