Chapter 6: Active Defense
In the previous chapter, we discussed defensible architecture and the role static defenses play in the overall security posture. In this chapter, we will focus on active defense practices and how they tie into agile security operations. This chapter will draw together many of the strands from previous chapters and develop an approach to the core of security operations called active defense.
Active defense is the practice of intelligence-driven breach detection, containment, and purposed engineering that enables an organization to deal with persistent and advanced attackers. In Chapter 2, Incident Response – A Key Capability in Security Operations, we also argued that active defense is intimately connected to the 'inner loop' of the NIST incident response cycle.
You might think that active defense tactics are not necessary for most organizations except in incident response situations. In this view, active defense focuses on deterring...