Hacking back: active defence for the enterprise

Is striking back an advisable strategy for the enterprise? Davey Winder has been investigating.

Compare that to just passively reporting a breach to the authorities, which can often feel like control has been taken even further out of your grasp.

"However, it's much more productive for an enterprise to focus on what they can both manage and control," says Rhodri Davies, managed security services chief technologist at HP Enterprise Security.

"Actively being aware of what is happening within your enterprise and optimising your defences accordingly is a positive process. But, going a step further than this and executing an aggressive active response is of little benefit to an enterprise, both legally and practically."

Can active defence (depending how you define it) be part of an approach to dealing with targeted attacks? Certainly. Should it be the only part of the approach? "Definitely not," according to Rob Sloan, head of response at Context Information Security.

"There is one way to reduce your risk of being successfully attacked and that is to continually improve your defences, monitor your network, hosts and logs for nefarious activity, and expect that at some point you will be compromised and be ready to respond quickly to the incident and have sufficient data to support an investigation," Sloan insists.

If an organisation is at that point, they could consider what an active defence strategy could do for them, what additional risks it may carry and what (if any) benefits it would bring.

"Decision makers should not be swayed by the sexiness of taking the fight back to the attackers," Sloan concludes.

The reason that it's sexy is, perhaps, down to the principle being deeply rooted in topological warfare. Fortunately, this really does bear no resemblance to warfare within corporate computer networks.

"Active defence only makes sense if you think you can actually deter your attacker, which is plausible but difficult, since you've got all the problems of attribution to deal with," claims Marcus Ranum, CSO at Tenable Network Security. That's why counter-attack strategies are oft-discussed but seldom implemented, and certainly have not become part of the day-to-day IT security landscape.

"Part of what's going on is that the relevant authorities are seen to be fairly powerless," Ranum adds. "The idea of hiring a private army might seem attractive at first - but this is just going to make the environment more ugly."
