Active Defense – principle 1: annoyance

If we are to be proactive in taking away a currency that matters to our adversaries, we have to take something that we do control within our own network, which is time. From script kiddies to nation-state actors, there is a time threshold beyond which an attack is simply not worth continuing. Our job is to make it not worth their while to keep trying a specific attack, either by blocking it outright or by deceiving attackers into believing that their exploitation efforts are working while deflecting them to where we want them to go.

Examples of blocking:

  • Geographical blocking firewall rules
  • Port security
  • Security training to report possible malicious actions

Examples of deflection:

  • Route to null
  • Honey docs
  • Honey pots
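The two lists above describe decisions a defender makes on every inbound request: drop it (blocking) or steer it somewhere harmless and watch (deflection). The following is an added example, not code from the book or from any product it describes: a small policy engine that applies both ideas to web-server access-log lines. The network ranges, decoy document paths, honeypot path and log lines are all constructed for the example; in a real deployment the block decision would be enforced by a firewall or null route rather than by this script.

```python
"""
Added example (not from the book): apply the two Active Defense ideas,
blocking and deflection, to web-server access-log lines.

 - blocking:   requests from source networks the defender has chosen to
               geo-block are dropped (here we only make the decision; a
               firewall rule or null route enforces it in production).
 - deflection: requests for "honey docs" (decoy files no legitimate user
               should ever open) are redirected to a honeypot path and raise
               an alert, costing the attacker time while we collect evidence.

All network ranges, paths and log lines below are constructed for the example.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed: CIDR ranges the organisation has decided to block outright
# (stand-ins for a geo-IP feed; TEST-NET ranges so nothing real is named).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed: decoy documents that are published but never linked from
# legitimate pages. Any request for them is a high-fidelity signal.
HONEY_DOCS = {"/finance/passwords_2023.xlsx", "/hr/salaries_draft.docx"}
HONEYPOT_PATH = "/decoy/landing"  # constructed honeypot location

# Apache/nginx "combined" access-log format (constructed sample below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


@dataclass
class Decision:
    ip: str
    path: str
    action: str           # "block", "deflect" or "allow"
    detail: str = ""


def decide(ip: str, path: str) -> Decision:
    """Apply blocking first (cheapest), then deflection, then allow."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in BLOCKED_NETWORKS):
        return Decision(ip, path, "block", "source in geo-blocked range")
    if path in HONEY_DOCS:
        return Decision(ip, path, "deflect", f"honey doc touched; redirect to {HONEYPOT_PATH}")
    return Decision(ip, path, "allow")


def process_log(lines):
    """Parse each log line and return one Decision per parseable line."""
    decisions = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the pipeline
        decisions.append(decide(m["ip"], m["path"]))
    return decisions


def alerts(decisions):
    """Only deflections merit a SOC alert: blocks are routine, allows are noise."""
    return [d for d in decisions if d.action == "deflect"]


# Constructed sample log lines (TEST-NET addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.44 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /finance/passwords_2023.xlsx HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for d in process_log(SAMPLE_LOG):
        print(f"{d.action:7} {d.ip:15} {d.path} {d.detail}")
```

Blocking is evaluated before deflection because it is the cheaper check and because a blocked source should never reach the decoy at all; the decoy only pays off against traffic that has already passed the perimeter, which is exactly the attacker whose time we want to waste.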

With an understanding that we cannot be 100% secure all of the time, we want our adversaries to expend mental and computational resources to figure out how to get to their target.

A way that I think of annoyance and Active Defense is by relating it to the Warner Bros. cartoon with the Roadrunner and Wile E. Coyote. The Roadrunner's primary means of defense is speed. It did not matter what techniques, tactics, or procedures the Coyote executed to catch his target; the Roadrunner continually frustrated Wile E. with its speed.