Active Defense

Active defense can refer to a defensive strategy in the military or cybersecurity arena.

The Department of Defense defines active defense as: "The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy." This definition does not specify whether it refers to physical actions, or cyber-related actions.

In the cybersecurity arena, active defense may mean "asymmetric defenses," namely defenses that increase costs to cyber-adversaries by reducing costs to cyber-defenders. For example, an active defense data protection strategy invented by CryptoMove leverages dynamic data movement, distribution, and re-encryption to make data harder to attack, steal, or destroy. Prior data protection approaches relied on encryption of data at rest, which leaves data vulnerable to attacks including stealing of ciphertext, cryptographic attack, attacks on encryption keys, destruction of encrypted data, ransomware attacks, insider attacks, and others. Three ACM computing conferences have explored Moving Target Defense as a strategy for network and application-level security as well, for instance by rotating IP addresses or dynamically changing network topologies.

Some have defined active defenses as including of deception or honeypots, which seek to confuse attackers with traps and advanced forensics. Examples of such honeypot technologies include Illusive Networks, TrapX, Cymmetria, Attivo, and others. Other types of active defenses might include automated incident response, which attempts to tie together different response strategies in order to increase work for attackers and decrease work for defenders.

Recently, the Department of Homeland Security and financial institutions have identified Active Defense as a top priority for security industrial infrastructure systems.