Active defence refers to a collection of strategies and accompanying actions aimed at preventing, detecting and responding to cyber threats.
Active defence ensures that you don’t have to wait for the cyber attack to occur before action is taken. It instead gives you the advantage, keeping you one step ahead. Preventing attacks before they happen saves you time and cost.
Examples of active defence
- Intrusion detection systems (IDS): These monitor a network for suspicious activity or policy violations. The moment the IDS detects something unusual, it alerts the network administrators. Some systems are also designed to react to an intrusion automatically.
- Intrusion prevention systems (IPS): These take the function of an IDS a step further. An IPS detects potential threats and takes action to block them immediately.
- Threat hunting: This involves combing through networks and systems to identify any threats that may have been missed by automated methods. Threat hunters actively search for signs of potential threats as opposed to waiting for a threat alert.
- Honeypot: This is a decoy system designed as hacker bait. The aim is to deceive hackers into attacking the honeypot and not the real system. In doing so, the security team can gain insight into the method the hackers would normally use.
- Penetration testing: This involves simulating a cyber attack on your own devices in order to seek out any vulnerabilities before the attackers can. In doing so, you can get ahead of hackers and protect your system from any potential attacks.
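
The difference between an IDS (alert only), an IPS (alert and block) and the role of a honeypot can be seen by running the same detection logic in both modes. The sketch below is an added example, not taken from any product; the event format, the decoy port, the failure threshold and the name `run_sensor` are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (seconds, source_ip, dest_port, outcome)
EVENTS = [
    (0, "198.51.100.7", 22, "auth_fail"),
    (2, "198.51.100.7", 22, "auth_fail"),
    (3, "192.0.2.10", 443, "ok"),
    (4, "198.51.100.7", 22, "auth_fail"),
    (5, "198.51.100.7", 22, "auth_fail"),
    (6, "198.51.100.7", 22, "auth_fail"),
    (7, "198.51.100.7", 443, "ok"),
    (8, "203.0.113.5", 2222, "connect"),  # decoy port, see HONEYPOT_PORTS
    (9, "203.0.113.5", 443, "ok"),
]
HONEYPOT_PORTS = {2222}  # assumption: no legitimate client ever connects here
FAIL_THRESHOLD = 5       # assumption: auth failures tolerated per source...
WINDOW = 60              # ...within this many seconds


def run_sensor(events, prevent=False):
    """Return (alerts, delivered). prevent=False is IDS mode, True is IPS mode."""
    fails = defaultdict(list)          # source -> timestamps of recent failures
    seen, blocked = set(), set()
    alerts, delivered = [], []
    for ts, src, port, outcome in events:
        if prevent and src in blocked:
            continue                   # IPS: traffic from a blocked source is dropped
        reason = None
        if port in HONEYPOT_PORTS:
            reason = "honeypot contact"
        elif outcome == "auth_fail":
            fails[src] = [t for t in fails[src] if ts - t < WINDOW] + [ts]
            if len(fails[src]) >= FAIL_THRESHOLD:
                reason = "repeated auth failures"
        if reason:
            if (src, reason) not in seen:   # alert once per source and reason
                seen.add((src, reason))
                alerts.append((ts, src, reason))
            if prevent:
                blocked.add(src)       # IPS: block the source, drop this event too
                continue
        delivered.append((ts, src, port, outcome))
    return alerts, delivered


if __name__ == "__main__":
    for mode in (False, True):
        alerts, delivered = run_sensor(EVENTS, prevent=mode)
        print("IPS" if mode else "IDS", alerts, len(delivered), "events delivered")
```

Both modes raise the same two alerts, but only in IPS mode do the later connections from the flagged sources to port 443 fail to reach the real service.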