Defensive Strategy - The 4 Principles of Active Defense


A basic principle of warfare is to seize, retain and exploit the initiative. Let's be honest: we are living with an Internet that occasionally feels like warfare, and we are not allowed to fight back. Initiative is what we, as defenders in the cyber domain, have never had; in fact, we don't like to admit to ourselves that we are in a fight and often losing it. There are, however, enterprise security products that can help you know your enterprise well enough to defend your critical information.


It's worth asking: "What, exactly, does it mean to have the initiative?" If you are waiting for your adversary to do something, at which point you will respond, you do not have the initiative. If you are building static defenses to protect yourself and your key assets, you still do not have the initiative. To have the initiative, you must be actively creating the scenarios into which you intend to draw your adversaries and demolish them. Once they make contact with your network, if they are responding to your tripwires and traps, or are unknowingly being mined for intelligence, THEN you have the initiative. That is an active defense.


There are 4 principles of defense that have been subjected to thousands of years of scrutiny and refinement. These are the principles of:

1. Security
2. Disruption
3. Flexibility
4. Mass


Security means knowing the area you are protecting: keeping track of assets, identities, networks, vulnerabilities and so on. Protecting the forces available to you so that you can employ them at the appropriate time in an active defense is step 1. This is the most boring and yet probably the most important aspect of an overall enterprise defense.


Disruption is the principle that you should never give an attacker a break: find every way you can to disrupt their activities, and mislead them as they try to assess their own impact on your environment (what the military calls battle damage assessment). This is also the time and place for active measures designed to slow an adversary down, gain valuable intelligence on their methods, and then share that intelligence with the rest of your defenders so they can specifically harden the remainder of the enterprise against the ongoing attack.
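The tripwire idea from the paragraphs above (decoys the attacker trips on, which then feed intelligence to the rest of the defenders) can be made concrete with a honeytoken. The following is an added example written for this page, not code from the original post or any HP product. It assumes a hypothetical authentication log format (`ts user=... src=... result=...`), hypothetical placement names, and a hard-coded secret that a real deployment would load from a secret store; the log lines are constructed for the example.

```python
"""Honeytoken tripwire: plant decoy credentials and alert on any use of them.

Added example for the 'initiative' and 'disruption' passages above; not from
the original post. Log format, placement names and secret are assumptions.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

# One line per authentication event. Hypothetical format, chosen for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# Hypothetical per-deployment secret; in practice load it from a secret store.
SECRET = b"rotate-me-per-deployment"


def make_honeytoken(secret: bytes, placement: str) -> str:
    """Derive a decoy username for one placement (the file or wiki page it is planted in).

    Deriving the name with an HMAC keeps it unguessable to the attacker yet
    reproducible for the defender, so a hit can be traced back to the placement
    that leaked without storing a table of random names.
    """
    tag = hmac.new(secret, placement.encode(), hashlib.sha256).hexdigest()[:8]
    return f"svc-{placement}-{tag}"


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    src: str
    placement: str  # which decoy the attacker picked up
    result: str     # success or failure: both are hits, a decoy has no legitimate user


def scan(log_text: str, tokens: dict) -> list:
    """Return an Alert for every log line that uses a decoy account.

    Unlike a normal detection there is no noise to tune away: any use of the
    decoy, successful or not, means someone found it where it was planted.
    """
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # unparsable line; a real pipeline would count these
        user = m.group("user")
        if user in tokens:
            alerts.append(Alert(m["ts"], user, m["src"], tokens[user], m["result"]))
    return alerts


def indicators(alerts: list) -> list:
    """Sources that touched a decoy, ready to share with the rest of the defenders."""
    return sorted({a.src for a in alerts})


def plant() -> dict:
    """Map each decoy username to the placement it is planted in."""
    placements = ["fileserver-config", "wiki-runbook"]
    return {make_honeytoken(SECRET, p): p for p in placements}


def constructed_log() -> str:
    """Constructed sample log: two decoy hits from one external source amid normal traffic."""
    decoy = make_honeytoken(SECRET, "fileserver-config")
    return "\n".join([
        "2014-05-21T09:38:55Z user=jsmith src=10.1.4.22 result=success",
        f"2014-05-21T09:40:01Z user={decoy} src=203.0.113.45 result=failure",
        "kernel: eth0 link up",  # unrelated line that does not match the format
        f"2014-05-21T09:40:03Z user={decoy} src=203.0.113.45 result=success",
        "2014-05-21T09:41:17Z user=mjones src=10.1.4.31 result=success",
    ])


def demo() -> list:
    """Run the scan over the constructed log with the planted decoys."""
    return scan(constructed_log(), plant())


if __name__ == "__main__":
    hits = demo()
    for a in hits:
        print(f"{a.ts} decoy from {a.placement} used by {a.src} ({a.result})")
    print("share with defenders:", indicators(hits))
```

The point of keying the decoy name to its placement is attribution: when `svc-fileserver-config-…` shows up in the log, you know not only that an intruder is present but which file they read to find it, and the source list from `indicators()` is the piece of intelligence that the rest of the defenders can act on immediately.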


Flexibility is a relative principle: you need to preserve as many options as you can while limiting the options available to your attacker. Applying it successfully means you can sustain damage and recover from it faster than the attacker can exploit that damage, which is what lets you get in front of an ongoing attack.


Mass is gaining numerical or capability superiority at a specific place and time that is critical to countering an attacker, and potentially even counter-attacking within the bounds of the law. Anything that limits the relative force an attacker can bring to bear, or increases the momentary force you bring to the defense, fits under this principle.


While an attack lifecycle is a valuable tool for understanding the expected progression of an attack, to be truly effective it should be combined with the 4 defensive principles. Defensive principles, used together with active intelligence and network deception, offer the best hope of defeating an enemy you cannot pursue. I will discuss each of these in more detail in future posts. For more information on how HP's enterprise security products can help you know your enterprise to defend your critical information, visit hp.com/go/espservices.
