Active defense is the use of proactive tactics to outsmart, slow down, or identify a hacker - making cyberattacks more difficult to carry out, and helping to prevent attackers from advancing. Active defense techniques also increase the likelihood that the threat actor will make a mistake and expose themselves, or their attack vector.
Employing active defense will also generate vital threat intelligence data, providing visibility for organizations to understand attacks and prevent future similar occurrences. They can apply this threat intelligence information to defense strategies, thereby strengthening their incident response in order to avoid the threat resurfacing.
Active defense tactics include:
- Deception technology - to detects attackers as early as possible in the attack cycle.
- Digital baiting and device decoys, such as honeypot, that may obfuscate the attack surface and trick attackers - this misdirection wastes the attackers’ time and processing power, while providing vital threat intelligence data.
- Hardening network and host settings
- Setting up monitoring and alerting systems