Hacking back: active defence for the enterprise

is striking back an advisable strategy for the enterprise? Davey Winder has been investigating.

Compare that to just passively reporting a breach to the authorities which can often feel like control has been taken even further out of your grasp.

"However, it s much more productive for an enterprise to focus on what they can both manage and control," says Rhodri Davies, managed security services chief technologist at HP Enterprise Security.

"Actively being aware of what is happening within your enterprise and optimising your defences accordingly is a positive process. But, going a step further than this and executing an aggressive active response is of little benefit to an enterprise, both legally and practically."

Can active defence (depending how you define it) be part of an approach to dealing with targeted attacks? Certainly. Should it be the only part of the approach? "Definitely not," according to Rob Sloan, head of response at Context Information Security.

Advertisement - Article continues below
Advertisement - Article continues below

"There is one way to reduce your risk of being successfully attacked and that is to continually improve your defences, monitor your network, hosts and logs for nefarious activity, and expect that at some point you will be compromised and be ready to respond quickly to the incident and have sufficient data to support an investigation," Sloan insists.

If an organisation is at that point they could consider what an active defence strategy could do for them, what additional risks it may carry and what (if any) benefits it would bring.

"Decision makers should not be swayed by the sexiness of taking the fight back to the attackers," Sloan concludes.

The reason that it's sexy is, perhaps, down to the principle being deeply rooted in topological warfare. Fortunately, this really does bear no resemblance to warfare within corporate computer networks.

"Active defence only makes sense if you think you can actually deter your attacker, which is plausible but difficult, since you've got all the problems of attribution to deal with," claims Marcus Ranum, CSO at Tenable Network Security. That's why counter-attack strategies are oft-discussed but seldom implemented, and certainly have not become part of the day-to-day IT security landscape.

"Part of what's going on is that the relevant authorities are seen to be fairly powerless," Ranum adds. "The idea of hiring a private army might seem attractive at first - but this is just going to make the environment more ugly."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019

Five signs that it’s time to retire IT kit

29 Nov 2019
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019