
Hacking back: active defence for the enterprise

Is striking back an advisable strategy for the enterprise? Davey Winder has been investigating.

A security team can then use this information to respond to the attack dynamically by feeding the attacker dummy information. However, Thacker isn't convinced that active defence is the way forward, and instead urges organisations to adopt and improve active security capabilities and to make blocking the attack a priority.

"Too many organisations are still focused on passive security elements," Thacker warns. "Bringing in active controls with real-time event correlation capabilities to help set the severity of an incident is often much more effective. In my opinion, focusing on kill-chain correlation is more effective than an active defence strategy."
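As an added illustration of the kill-chain correlation Thacker describes (example code written for this page, not from the article or from any vendor product quoted in it), the following Python groups constructed log events per host, maps each event type onto a kill-chain phase, and derives an incident severity from how many phases have been observed and how far along the chain the deepest one sits. The log line format, the event-type-to-phase mapping, the sample events and the severity thresholds are all assumptions made for the example.

```python
"""Kill-chain correlation over a constructed event stream (added example).

Each log line is assumed to be: "<timestamp> <host> <event_type> <detail>".
Events are grouped per host, mapped to a kill-chain phase, and the host is
given a severity that rises with breadth (distinct phases seen) and depth
(the furthest phase reached). None of the mappings below come from the
article; they are illustrative assumptions.
"""
import re
from collections import defaultdict

# Constructed sample events (not real logs). ws-17 shows a full chain from
# delivery through lateral movement; ws-04 shows only delivery plus a beacon.
SAMPLE_EVENTS = """\
2022-06-27T09:01:02 ws-17 email_attachment_opened invoice.pdf.exe
2022-06-27T09:01:09 ws-17 process_created invoice.pdf.exe -> powershell.exe
2022-06-27T09:01:15 ws-17 outbound_dns_beacon 203.0.113.9
2022-06-27T09:03:40 ws-17 lateral_smb_admin_share smb://srv-fin/C$
2022-06-27T09:12:00 ws-04 email_attachment_opened quote.docx
2022-06-27T09:30:11 ws-04 outbound_dns_beacon 203.0.113.9
"""

# Ordered kill-chain phases (assumed ordering, later index = further along).
KILL_CHAIN = [
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_objectives",
]

# Hypothetical mapping from event types to phases; a real deployment would
# derive this from its own detection content.
EVENT_TO_PHASE = {
    "email_attachment_opened": "delivery",
    "process_created": "exploitation",
    "outbound_dns_beacon": "command_and_control",
    "lateral_smb_admin_share": "actions_on_objectives",
}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def parse_events(text):
    """Parse log lines into dicts; malformed or blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue
        ts, host, etype, detail = m.groups()
        events.append({"ts": ts, "host": host, "type": etype, "detail": detail})
    return events


def correlate(events):
    """Return {host: sorted list of kill-chain phase indexes observed}."""
    seen = defaultdict(set)
    for ev in events:
        phase = EVENT_TO_PHASE.get(ev["type"])
        if phase is not None:
            seen[ev["host"]].add(KILL_CHAIN.index(phase))
    return {host: sorted(idx) for host, idx in seen.items()}


def severity(phase_indexes):
    """Assumed severity policy: depth of the deepest phase, then breadth."""
    if not phase_indexes:
        return "info"
    deepest = max(phase_indexes)
    if deepest >= KILL_CHAIN.index("actions_on_objectives"):
        return "critical"
    if deepest >= KILL_CHAIN.index("command_and_control") and len(phase_indexes) >= 2:
        return "high"
    if len(phase_indexes) >= 2:
        return "medium"
    return "low"


def triage(text):
    """Map each host to (severity, [phase names observed])."""
    return {
        host: (severity(idx), [KILL_CHAIN[i] for i in idx])
        for host, idx in correlate(parse_events(text)).items()
    }


if __name__ == "__main__":
    for host, (sev, phases) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {sev} ({', '.join(phases)})")
```

The point of correlating rather than alerting per event is visible in the sample: a lone beacon from ws-04 would rate "low" on its own, but paired with the earlier attachment it becomes "high", while ws-17's progression to an admin share is rated "critical" without any single event needing a high-severity rule of its own.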

Catalin Cosoi, chief security strategist at Bitdefender, is even more vehement in his stance against the 'striking back' interpretation of active defence that some proponents of the idea perpetuate in their marketing language.

"Under no circumstances should active defence extend to tampering with systems and hardware other than those you own," Cosoi insists.

"Not only is it a bad idea, it's also illegal in most jurisdictions. Counter-hacking might be 'okay' in a national security context, but even then it's still not easy, or necessarily desirable, as it escalates a conflict. Leave policing to policemen, and shooting bad guys to action heroes."

But, just for a moment, let's leave behind the contentious issue of definition and semantics and assume that 'active defence' is to be taken seriously. Let's say that you've used such a platform to identify who has attacked you (ignoring for a moment that it might not actually be who you think it is): what should you do with that information?

If you can identify where a cyber attack came from, it should be reported to the relevant authorities, simple as that. That would seem to be obvious. Apart from the small detail that it's hardly ever as simple as that.

"Knowing who perpetrated the attack, unless from the inside, is not always as important for organisations as knowing why and how," explains Ross Brewer, vice president and managing director for international markets at LogRhythm.

"With the right security tools in place, every piece of activity within the IT infrastructure is captured and stored for analysis, allowing the reconstruction of patterns of behaviour as required."

There seems little doubt, and it's hardly a contentious issue, that gaining as much insight as possible regarding a breach will enable organisations to understand exactly what happened and what made it possible in the first place. "This level of intelligence is invaluable as it allows security vulnerabilities to be detected and fixed," Brewer concludes.

Espion information security consultant, Robert Fitzpatrick, argues that the most invaluable part of threat intelligence is actually the *sharing* of that intelligence.

"If you can," Fitzpatrick advises, "with a certain degree of confidence, attribute an attack to a foe, it is important other organisations can also then use this intelligence. Treating your industry like an ecosystem is vital to keeping attackers at bay."
