Active defense definition

Active defense is a set of proactive strategies and actions to prevent, detect, and respond to cyber threats. Rather than waiting for a cyber attack to happen and then dealing with the aftermath, active defense is about staying one step ahead. That allows preventing those attacks in the first place or at least making them more difficult, time-consuming, and costly.

See also: intrusion detection system, firewall, honeypot, threat hunting

Active defense examples

• Intrusion detection systems (IDS) monitor a network for suspicious activity or policy violations. Once they detect something unusual, they’ll alert the network administrators. Some systems can even respond to the intrusion automatically.
• Intrusion prevention systems (IPS) are similar to IDS but go a step further. Once an IPS detects a potential threat, it can take immediate action to block it, like stopping traffic from a suspicious source.
• Threat hunting involves searching through networks and systems to identify threats that automated methods might have missed. Instead of waiting for an alert, threat hunters actively look for signs of a potential attack.
• A honeypot is a decoy system created to bait hackers. The goal is to trick them into targeting the honeypot instead of the real system. That allows the security team to identify and analyze the attack methods.
• Penetration testing is a simulated cyber attack on your own systems to find vulnerabilities before real hackers do. It’s a proactive way of identifying weak points in your network that an attacker could exploit.

Further reading