Hacking back: active defence for the enterprise

is striking back an advisable strategy for the enterprise? Davey Winder has been investigating.

A security team can then use this information to respond to the attack dynamically by feeding the attacker dummy information. However, Thacker isn't convinced that active defense is the way forward and instead urges organisations to adopt and improve active security capabilities and make blocking the attack a priority.

"Too many organisations are still focused on passive security elements" Thacker warns. "Bringing in active controls with real-time event correlation capabilities to help set the severity of an incident is often much more effective. In my opinion, focusing on kill-chain correlation is more effective than an active defence strategy."

Catalin Cosoi, chief security strategist at Bitdefender, is even more vehement in his stance against the 'striking back' interpretation of active defence that some proponents of the idea perpetuate in their marketing language.

"Under no circumstances should active defence extend to tampering with systems and hardware other than those you own," Cosoi insists.

"Not only is it a bad idea, it's also illegal in most jurisdictions. Counter-hacking might be 'okay' in a national security context, but even then it's still not easy, or necessarily desirable, as it escalates a conflict. Leave policing to policemen, and shooting bad guys to action heroes."

But, just for a moment, let's leave behind the contentious issue of definition and semantics and assume that 'active defence' is to be taken seriously. Let's say that you've used such a platform to identify who has attacked you (ignoring for a moment that it might not actually be who you think it is) what should you do with that information?

If you can identify where a cyber attack came from it should be reported to the relevant authorities, simple as. That would seem to be obvious. Apart from the small detail that it's hardly ever as simple as that.

"Knowing who perpetrated the attack, unless from the inside, is not always as important for organisations as knowing why and how," explains Ross Brewer, vice president and managing director for international markets at LogRhythm.

"With the right security tools in place, every piece of activity within the IT infrastructure is captured and stored for analysis, allowing the reconstruction of patterns of behaviour as required."

There seems little doubt, and it's hardly a contentious issue, that gaining as much insight as possible regarding a breach will enable organisations to understand exactly what happened and what made it possible in the first place. "This level of intelligence is invaluable as it allows security vulnerabilities to be detected and fixed," Brewer concludes.

Espion information security consultant, Robert Fitzpatrick, argues that the most invaluable part of threat intelligence is actually the *sharing* of that intelligence.

"If you can" Fitzpatrick advises "with a certain degree of confidence, attribute an attack to a foe, is it important other organisations can also then use this intelligence. Treating your industry like an ecosystem is vital to keeping attackers at bay."

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021
Alibaba ECS instances targeted in new cryptojacking campaign
cryptocurrencies

Alibaba ECS instances targeted in new cryptojacking campaign

16 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022