Hacking back: active defence for the enterprise

is striking back an advisable strategy for the enterprise? Davey Winder has been investigating.

A security team can then use this information to respond to the attack dynamically by feeding the attacker dummy information. However, Thacker isn't convinced that active defense is the way forward and instead urges organisations to adopt and improve active security capabilities and make blocking the attack a priority.

"Too many organisations are still focused on passive security elements" Thacker warns. "Bringing in active controls with real-time event correlation capabilities to help set the severity of an incident is often much more effective. In my opinion, focusing on kill-chain correlation is more effective than an active defence strategy."

Catalin Cosoi, chief security strategist at Bitdefender, is even more vehement in his stance against the 'striking back' interpretation of active defence that some proponents of the idea perpetuate in their marketing language.

"Under no circumstances should active defence extend to tampering with systems and hardware other than those you own," Cosoi insists.

"Not only is it a bad idea, it's also illegal in most jurisdictions. Counter-hacking might be 'okay' in a national security context, but even then it's still not easy, or necessarily desirable, as it escalates a conflict. Leave policing to policemen, and shooting bad guys to action heroes."

But, just for a moment, let's leave behind the contentious issue of definition and semantics and assume that 'active defence' is to be taken seriously. Let's say that you've used such a platform to identify who has attacked you (ignoring for a moment that it might not actually be who you think it is) what should you do with that information?

If you can identify where a cyber attack came from it should be reported to the relevant authorities, simple as. That would seem to be obvious. Apart from the small detail that it's hardly ever as simple as that.

"Knowing who perpetrated the attack, unless from the inside, is not always as important for organisations as knowing why and how," explains Ross Brewer, vice president and managing director for international markets at LogRhythm.

"With the right security tools in place, every piece of activity within the IT infrastructure is captured and stored for analysis, allowing the reconstruction of patterns of behaviour as required."

There seems little doubt, and it's hardly a contentious issue, that gaining as much insight as possible regarding a breach will enable organisations to understand exactly what happened and what made it possible in the first place. "This level of intelligence is invaluable as it allows security vulnerabilities to be detected and fixed," Brewer concludes.

Espion information security consultant, Robert Fitzpatrick, argues that the most invaluable part of threat intelligence is actually the *sharing* of that intelligence.

"If you can" Fitzpatrick advises "with a certain degree of confidence, attribute an attack to a foe, is it important other organisations can also then use this intelligence. Treating your industry like an ecosystem is vital to keeping attackers at bay."

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

MirrorBlast phishing campaign targets financial companies
phishing

MirrorBlast phishing campaign targets financial companies

15 Oct 2021
Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021
Supply chain breaches impacted 97% of firms in the past year
supply chain management (SCM)

Supply chain breaches impacted 97% of firms in the past year

12 Oct 2021
The 4 most notorious hackers
hacking

The 4 most notorious hackers

12 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Supply chain breaches impacted 97% of firms in the past year
supply chain management (SCM)

Supply chain breaches impacted 97% of firms in the past year

12 Oct 2021