Ram is co-founder and CEO of Acalvio Technologies, a leader in cyber deception technology.
With the widening IT skills gap, general lack of resources and ever-increasing knowledge gaps, organizations are strained when it comes to keeping up with highly motivated and well-funded cybercriminals. As a result, many have fallen on denial-based passive defenses as their go-to strategy.
The passive defense approach is when IT teams are trained to block an attacker by denying access and is often the only approach that, up until now, organizations have had the training and bandwidth to accomplish. Unfortunately, just blocking attacks without understanding the tactics allows attackers to keep trying until they succeed. Hence, even with the best passive defense strategy in place, attackers are still winning the game and are doing so at a rapid and persistent pace, which is why companies are now seeking out a different approach.
In the modern era of cybersecurity, organizations need to operate off the assumption that attackers are going to get inside their network—and that it’s no longer a matter of if, but when.
Picture this: You’ve finally bought your dream Picasso. Suddenly, in your eyes, a “good enough” defense for the house your Picasso hangs in just won’t cut it when it comes to protecting that valuable asset. Likewise, organizations of all sizes are continuously trying to protect the crown jewels in their own networks, like company and customer data, or machine and human identities, to name just a few. As more companies’ networks are being attacked and their prized assets are being compromised, they are quickly realizing that a simple reactive or passive approach is no longer sufficient.
Cybercriminals are always evolving, and because they’re not slowing down any time soon, it’s important that organizations and their defense systems evolve right along with—or ahead of—those criminals. Active defense is a term coined by MITRE that emphasizes the benefits of engaging with attackers versus solely “denying them access” to your systems, which is more of a traditional passive defense strategy. Active defense uses passive legacy approaches as a springboard, but instead of just reacting to a completed attack or simply building an ineffective wall to keep attackers out, it detects the attacks, redirects and engages actively and responds.
In the case of the house with our Picasso hanging inside, thieves have long figured out how to bypass the simple deadbolt on the door (passive defense) that is meant to deny them access, whether with a lockpick or by simply kicking the door down. When facing a skilled lockpick or cybercriminal, you might never know a thief has been inside your house until it’s too late, and you only find out when you notice your painting or other assets have been taken. Similarly, in the case of network infiltration, attackers can remain undetected for up to 200 days or longer. This all points to passive defense and “deadbolts” as limiting. Active defense goes beyond just setting a lock and instead shifts the balance of power away from the attacker and toward the defender.
This strategy acts as more of a motion detector, with organizations actively detecting cybercriminals in order to slow, derail or stop them before they can fully infiltrate. There are various approaches, strategies and tools when it comes to active defense—in fact, the United States government just signed into law the National Defense Authorization Act, which in part advocates for the deployment of active defense. The law defines the active defense technique as “the use of a deception technology or other purposeful feeding of false or misleading information to an attacker accessing such a system.”
Active defense leads to proactivity rather than reactivity. It’s important to contextualize passive defense as simple denial of entry and, if that denial is compromised, reacting in the aftermath. In the case of active defense, proactivity means detection, diversion and engagement, all while the attack is happening instead of after it’s already occurred.
The advent of deception technology and the recent industrialization taking place in the deception tech industry has resulted in a type of protection we haven’t seen before: beating the attacker at their own game and letting the technology do the work. By using decoys, a thief can be lured into interacting with deceptive versions of your most valuable assets. Because no legitimate user has a reason to touch a decoy, every interaction is a high-confidence signal and a source of intelligence about the attacker’s tools and intent. This approach is ultimately intended to frustrate attackers by getting them so bogged down trying to infiltrate your network that they reveal their intent and can be completely removed from the network.
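As an added illustration of the decoy principle described above (example code written for this page, not code from the article or from Acalvio), the snippet below seeds a hypothetical decoy account and decoy file share, scans constructed access-log lines, and raises an alert on any touch of a decoy, including a denied attempt, since the point of a decoy is to be tripped rather than merely blocked. It also tracks how many distinct decoys each source has touched, which is the kind of engagement signal that reveals lateral-movement intent. The log format, decoy names and addresses are all assumptions.

```python
import re
from collections import defaultdict

# Constructed decoy inventory (hypothetical names, not real assets): nothing
# in here has a legitimate user, so a single touch is a high-fidelity signal.
DECOYS = {
    "account": {"svc_backup_ro"},
    "share": {"\\\\files01\\finance_archive"},
}

# Constructed log format; a real deployment would parse the SIEM's own schema.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) kind=(?P<kind>account|share) "
    r"target=(?P<target>\S+) result=(?P<result>allowed|denied)$"
)


def detect_decoy_touches(lines):
    """Return (alerts, engagement). Unlike a deny-only control, a denied
    attempt against a decoy is still reported: the decoy exists to be tripped."""
    alerts = []
    engagement = defaultdict(set)  # src -> distinct decoys touched
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip, never treat as a touch
        kind, target = m["kind"], m["target"]
        if target not in DECOYS[kind]:
            continue  # real asset: outside the scope of deception alerting
        engagement[m["src"]].add(target)
        alerts.append({
            "ts": m["ts"], "src": m["src"], "decoy": target,
            "kind": kind, "result": m["result"],
            # breadth of decoy interaction hints at lateral-movement intent
            "decoys_touched_so_far": len(engagement[m["src"]]),
        })
    return alerts, {src: sorted(t) for src, t in engagement.items()}


SAMPLE_LOG = [  # constructed sample lines
    "2024-01-10T09:00:01Z src=10.0.5.20 kind=share target=\\\\files01\\public result=allowed",
    "2024-01-10T09:02:14Z src=10.0.7.44 kind=account target=svc_backup_ro result=denied",
    "2024-01-10T09:02:40Z src=10.0.7.44 kind=share target=\\\\files01\\finance_archive result=allowed",
    "2024-01-10T09:05:00Z src=10.0.9.3 kind=account target=svc_backup_ro result=allowed",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found, summary = detect_decoy_touches(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(summary)
```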
Active defense provides organizations with the tools, the strategy and, ultimately, the knowledge to learn from attackers and to anticipate their next move, all while fortifying security posture. Gone are the days of simple deadbolts and easily bypassed doors standing between the things you care about and your attackers, waiting for criminals to strike and then reacting. Organizations are now embracing active defense strategies and technology and are shifting the balance of power back in their favor.
When considering an active defense strategy of your own, remember you can make active defense an inherent part of your existing security stack. Just like home protection doesn’t rely on one thing—a single fence or a single lock—your network defense will also rely on the addition of active defense to enhance your existing stack.
In addition, when looking for an active defense solution, bear in mind that IT and operational technology (OT) don’t operate as totally separate entities anymore. Because of that, a solution should solve for both IT and OT in all of the ways they are connected.
Finally, it’s important to remember that an active defense strategy is not just the responsibility of the cybersecurity leaders within an organization. Increasingly, CEOs and members of the board are paying closer attention to what they can do to fully support and allocate proper funding toward technology that adequately protects the “Picasso” in everyone’s organization.