General principles of Active Defense

If you search for the terms Active Defense and cyber, you'll find a treasure trove of material, as it is a popular topic in the information security field. It is so popular because the underlying idea is to get back at, or hack back, an attacker. This fight-fire-with-fire approach comes with some major legal and ethical caveats, and rightly so. Since we are learning how to utilize cyber intelligence, we need to narrow our focus. There are plenty of books on understanding the hacker mindset or offensive mentality, but after that, what's next? We can't attack back. Beyond the day-to-day security and IT operations, once we start utilizing the OPSEC process, we can start understanding who our adversaries are, how they operate, and how to defend against them breaching our network and/or stealing information.

There are three principles to Active Defense:

  • Principle 1: Annoyance
  • Principle 2: Attribution
  • Principle 3: Attack

Due to legal and ethical ramifications, we will only be focusing on Principles 1 and 2.