Cybersecurity Weekly: 21 July, 2023
FANTOM CORPORATION (8a, SDB)
Data empowers everything we do. Dedicated to solutions and services that drive our customers toward mission success.
Active Cyber Defense (ACD) Primer
Historically Speaking
Cybersecurity has traditionally focused on protecting the business against internal and external threats that exploit vulnerabilities for a variety of reasons. The products built for this purpose center either on a broad suite of capabilities presented through a single pane of glass, or on a specialized function such as antivirus or encryption. This paradigm works when applied methodically as part of a defense-in-depth strategy to deter and delay attacks. However, it is fundamentally reactive: the defender waits for the attack to happen and trusts (or hopes) that these protections are enough.
Legal Disclaimer
Before we go further, we want to emphasize that we at Fantom Corporation ARE NOT advocating that anyone attack back against a threat actor. Doing so introduces legal liability and risks provoking the attacker further, which is likely to escalate their response. We encourage anyone pursuing ACD to involve their General Counsel to ensure that the ACD strategy remains within legal boundaries while still protecting the organization.
An initial summary can be found in the following article from the University of Chicago Law School: "When is Cyber Defense a Crime? Evaluating Active Cyber Defense Measures under the Budapest Convention"
https://cjil.uchicago.edu/print-archive/when-cyber-defense-crime-evaluating-active-cyber-defense-measures-under-budapest#heading-9
Take Cybersecurity Defense to the Next Level
ACD, according to Fortinet, is "the use of offensive tactics to outsmart or slow down a hacker and make cyber attacks more difficult to carry out. An active cyber defense approach helps organizations prevent attackers from advancing through their business networks. It also increases the likelihood that hackers will make a mistake and expose their presence or attack vector."
Similarly, the NIST glossary defines ACD as a "Synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities."
Taken together, these definitions show that ACD places emphasis on actively engaging the attacker in real time (within legal boundaries) and on gathering intelligence about the attacker and their techniques, rather than passively waiting for protections to hold.
What is Involved in ACD?
ACD allows organizations to identify intrusions before an attacker steals data or causes damage. These techniques slow attacks more than traditional platform defenses do, and can even stop an attacker from penetrating further into a system. While this is occurring, the organization can gather intelligence about the attacker and the attack to determine the following:
This intelligence is incorporated into the overall planning and execution cycle to prevent subsequent attacks of the same nature.
One of the primary enablers of ACD is via honeytokens. A honeytoken is a fake IT resource that can assume a number of forms such as:
A honeytoken carries data (or code) that is either instrumented so that opening or using it sends out a beacon, e-mail, text message or log event, or is monitored so that any use of it raises an alert. Because no legitimate user has a reason to touch the decoy, the organization is notified immediately, and with high confidence, the moment one of these resources is used. For example, when planted fake credentials are used to log in to a database, the login attempt itself provides actionable intelligence about the attacker's presence, intention and technique, as well as the host the attempt came from.
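The following is an added example, not code from the original article or from Fantom Corporation, showing the monitoring side of a honeytoken deployment: a small detector that scans authentication log lines for any use of planted decoy credentials and reports which source hosts touched which decoys. The log format, the decoy names (svc_backup_ro, AKIAEXAMPLEDECOY0001, jenkins-deploy-legacy) and the sample log lines are all constructed for this example; a real deployment would read its own database, SSH and cloud audit logs and pick decoy names that match the organization's naming conventions.

```python
"""Honeytoken detector: flag any use of planted decoy credentials in auth logs."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Decoy credentials planted where an intruder would look (an .env file, a wiki
# page, a config repository). Names are invented for this example; choose names
# that match your own naming convention so the decoy is believable.
HONEYTOKENS = {
    "svc_backup_ro": "database-account",
    "AKIAEXAMPLEDECOY0001": "aws-access-key",
    "jenkins-deploy-legacy": "ssh-key",
}

# Constructed log format used by this example (not any vendor's format):
# <iso-timestamp> src=<ip> event=<type> principal=<user-or-key-id> result=<ok|fail>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"event=(?P<event>\w+) principal=(?P<principal>\S+) result=(?P<result>\w+)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    source_ip: str
    principal: str
    token_kind: str
    event: str
    result: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines):
    """Flag every event whose principal is a planted honeytoken.

    No legitimate user ever touches a decoy, so any use is an alert. Failed
    attempts are flagged too: the attacker may hold the harvested username with
    a wrong password, and the fact that the name was used at all is the signal.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a production pipeline would count these
        kind = HONEYTOKENS.get(rec["principal"])
        if kind is not None:
            alerts.append(Alert(rec["ts"], rec["ip"], rec["principal"],
                                kind, rec["event"], rec["result"]))
    return alerts


def sources(alerts):
    """Group alerts by source IP: which hosts touched which kinds of decoy."""
    by_ip = defaultdict(set)
    for a in alerts:
        by_ip[a.source_ip].add(a.token_kind)
    return {ip: sorted(kinds) for ip, kinds in by_ip.items()}


# Constructed sample log: normal traffic plus one intruder host touching two decoys.
SAMPLE_LOG = [
    "2023-07-21T09:00:01Z src=10.0.4.12 event=db_login principal=alice result=ok",
    "2023-07-21T09:00:07Z src=10.0.4.13 event=ssh_login principal=bob result=ok",
    "2023-07-21T09:02:44Z src=10.0.9.77 event=db_login principal=svc_backup_ro result=fail",
    "2023-07-21T09:02:51Z src=10.0.9.77 event=db_login principal=svc_backup_ro result=ok",
    "2023-07-21T09:05:13Z src=10.0.9.77 event=sts_get_caller_identity principal=AKIAEXAMPLEDECOY0001 result=fail",
    "garbage line that does not parse",
    "2023-07-21T09:06:00Z src=10.0.4.12 event=db_login principal=alice result=ok",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a.timestamp} {a.source_ip} used {a.token_kind} "
              f"'{a.principal}' via {a.event} ({a.result})")
    print("hosts that touched decoys:", sources(found))
```

The design point is that the match is on the principal alone, not on the outcome: a decoy account has no legitimate traffic, so the detector needs no baseline and no tuning, and a single hit from an internal address (10.0.9.77 in the sample) is enough to start an incident and pivot to everything else that host has done.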
There is More...
This article is intended to continue to spread awareness about ACD and how it can be used to improve the overall cybersecurity posture of an organization as part of a comprehensive defense-in-depth strategy that (legally) protects the organization as it pursues its objectives. Always ensure General Counsel has awareness of, and buy-in to, any ACD measures when considering a cybersecurity strategy. ACD gives defenders more capability to detect attempted and successful intrusions and to respond appropriately. It also provides the organization with valuable information about the attacker's tactics, techniques, and procedures (TTPs) that can be used to further protect against future attempts.
If this is interesting to you, our reader, let us know! We can expound on this topic in a future weekly release. With your suggestions and comments, we can be sure to discuss the areas that are important to you and your goals.