Definition
Active defense is approaches and actions to prevent, detect and counteract cyber threats. It helps to avoid cyber-attacks instead of waiting for them to happen and dealing with the aftermath later.
Active Defense Examples
- Intrusion detection systems (IDS): They monitor system networks and policies to detect intrusion or violation. Once they detect a suspicious activity, they respond to the intrusion automatically or alert system administrators.
- Intrusion prevention systems (IPS): IPS and IDS function almost similar, except that IPS is more thorough. If it detects unusual activity, it acts immediately, like blocking or stopping the suspicious traffic.
- Threat hunting: This involves combing through systems and networks to flag intrusions that automated methods cannot detect. Threat hunters actively search for threats rather than waiting for waiting for a threat alert.
- A honeypot: This is a decoy system that diverts attackers from the real system. As a result, the security team can identify and analyze the attack techniques.
- Penetration testing: It involves launching a simulated cyber-attack to identify weaknesses before hackers do. This proactive approach helps you to identify the vulnerabilities in your network that attackers can exploit.