IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hacking back: active defence for the enterprise

is striking back an advisable strategy for the enterprise? Davey Winder has been investigating.

Compare that to just passively reporting a breach to the authorities which can often feel like control has been taken even further out of your grasp.

"However, it s much more productive for an enterprise to focus on what they can both manage and control," says Rhodri Davies, managed security services chief technologist at HP Enterprise Security.

"Actively being aware of what is happening within your enterprise and optimising your defences accordingly is a positive process. But, going a step further than this and executing an aggressive active response is of little benefit to an enterprise, both legally and practically."

Can active defence (depending how you define it) be part of an approach to dealing with targeted attacks? Certainly. Should it be the only part of the approach? "Definitely not," according to Rob Sloan, head of response at Context Information Security.

"There is one way to reduce your risk of being successfully attacked and that is to continually improve your defences, monitor your network, hosts and logs for nefarious activity, and expect that at some point you will be compromised and be ready to respond quickly to the incident and have sufficient data to support an investigation," Sloan insists.

If an organisation is at that point they could consider what an active defence strategy could do for them, what additional risks it may carry and what (if any) benefits it would bring.

"Decision makers should not be swayed by the sexiness of taking the fight back to the attackers," Sloan concludes.

The reason that it's sexy is, perhaps, down to the principle being deeply rooted in topological warfare. Fortunately, this really does bear no resemblance to warfare within corporate computer networks.

"Active defence only makes sense if you think you can actually deter your attacker, which is plausible but difficult, since you've got all the problems of attribution to deal with," claims Marcus Ranum, CSO at Tenable Network Security. That's why counter-attack strategies are oft-discussed but seldom implemented, and certainly have not become part of the day-to-day IT security landscape.

"Part of what's going on is that the relevant authorities are seen to be fairly powerless," Ranum adds. "The idea of hiring a private army might seem attractive at first - but this is just going to make the environment more ugly."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021
Alibaba ECS instances targeted in new cryptojacking campaign
cryptocurrencies

Alibaba ECS instances targeted in new cryptojacking campaign

16 Nov 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022