Today’s cyber defenders find themselves at a disadvantage despite technological advances in cyber defense. Among the chief causes of this disadvantage is the asymmetry in a cyber conflict that favors the attacker. On one side of the equation, defenders must improve detection and response times to avert or mitigate attacks. On the other side of the
Topic: Active Defense
Active defense can refer to a defensive strategy in the military or cybersecurity arena.
The Department of Defense defines active defense as: "The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy." This definition does not specify whether it refers to physical actions or cyber-related actions.
In the cybersecurity arena, active defense may mean "asymmetric defenses," namely defenses that increase costs to cyber-adversaries by reducing costs to cyber-defenders. For example, an active defense data protection strategy may leverage dynamic data movement, distribution, and re-encryption to make data harder to attack, steal, or destroy. Prior data protection approaches relied on encryption of data at rest, which leaves data vulnerable to attacks including theft of ciphertext, cryptographic attacks, attacks on encryption keys, destruction of encrypted data, ransomware attacks, insider attacks, and others.
Some have defined active defenses as including deception or honeypots, which seek to confuse attackers with traps and advanced forensics. Other types of active defenses might include automated incident response, which attempts to tie together different response strategies in order to increase work for attackers and decrease work for defenders.
Recently, the Department of Homeland Security and financial institutions have identified Active Defense as a top priority for security of industrial infrastructure systems. As part of a broader push for greater resiliency, the National Institute of Standards and Technology 800-160 Volume 2 framework has gone further, providing guidance on standardization for active defense.
This webinar describes the Cyber Security Game (CSG). CSG is a method, implemented in software, that quantitatively identifies cyber security risks and uses this metric to determine the optimal employment of security methods for any given investment level.
Today’s adversaries are advanced and more capable than ever before. Passive defensive tactics are no longer viable for pursuing these attackers. To compound the issue, the existence of an insider threat creates a challenging problem for the passive defender. One of the largest breaches of classified information was carried out by an insider. Months after the