Federal and Industry organizations have recognized the efficacy of Active Defense based on Cyber Deception as the threats become increasingly sophisticated.
CISA is urging immediate deployment of Cyber Deception for Network Security in the latest “2022-2026 Strategic Technology Roadmap, Version 4”. NSA has published a detailed report on the effectiveness of cyber deception based on large red-team studies in the “The Next Wave” Vol 23, 2021.
Active Defense is “The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.” US DoD
When using Active Defense, organizations engage with incoming threats to better understand and counter them, rather than operating static security controls and hoping for the best. In practice, Active Defense requires a process that includes four ingredients:
It’s not enough to just detect an attack: It must happen immediately, no matter from what vector, and without spurious false positives and minor alerts that obscure the threat.
Once detected, Active Defense enables the responders to channel and contain the attack, without the adversary knowing about it.
Now contained, the attacker’s TTPs can safely be observed and understood, and their identity and motivations revealed. High value assets can be obfuscated from the attacker’s perspective.
With the full picture in hand, the defenders can decide how, when, and where to respond, as well as improve controls to defeat future attempts to use the same TTPs.
MITRE has come up with MITRE Engage, an Active Defense framework for adversary engagement operations to secure network interior based on deception.
At the most fundamental level, Acalvio strives to provide four key security controls
Explore our patented technologies to enable Active Defense and Identity Security in your enterprise.