What do the experts think?
We polled a few of CryptoMove’s advisors for their take on active defense:
Fengmin Gong (Co-Founder of Palo Alto Networks and Cyphort, and now VP of Information Security Strategy at Didi) looks at active defense this way:
It is all about leveling the playing field with the attackers. Instead of standing still while the attackers hit us from many angles, we can move around assets or network configurations; instead of being exposed in bright light for attackers to target, we can obfuscate and camouflage our systems. In a way we can increase the cost to the attackers, thus enhancing the defense.
Michael Roytman (head of Data Science at Kenna Security), who digests Fortune 500 risk profiles for breakfast, has this to say:
All of our industry’s data about successful exploitation tells us that attackers learn about our environments, and consistently automate the attacks that work repeatedly. Pair that with the inherent asymmetry of “defense” — it takes one successful attack to win, while we must defend against every attack to prevent a breach, and the solution becomes fairly obvious. Introduce asymmetry in an automated fashion, make it harder for the attackers to learn about you, and you stand a chance.
Nick Bilogorskiy (founding team member at Cyphort and former head of malware at Facebook) looks at active defense like this:
To me active defense is a cybersecurity technique that countervails the breach in real time. This could be in the form of retaliating against attacking infrastructure, automating incident response actions, or scrambling or moving the data the attacker wants as soon as a cyberattack begins.
January 2017 update: Ken Baylor (Founder of the Vendor Security Alliance, former CISO/CSO at Symantec, Pivotal, Nuance, and VP Security at Wells Fargo) weighs in:
To me, active defense is about flipping the asymmetry between defenders and attackers via cooperation among defenders. Today we defend our infrastructure in silos, even though vulnerabilities extend across peer companies and vendors. Meanwhile cyber-adversaries plan and execute sophisticated federated attacks across multiple targets at once. We can defend actively if we work together to defend and leverage each other’s resources.
One thing is for sure: new strategies are a must given an environment where defenses are a nightmare to monitor and guard at scale. Attackers today leverage asymmetric advantages that shred traditional defenses. Active defense — properly defined — presents the best conceptual foundation to formulate next-generation security innovations.