Security Technology Executive

APR 2013

Issue link: https://securitytechnologyexecutive.epubxp.com/i/118926

COOL AS McCUMBER

By John McCumber

Published by Cygnus Business Media, Inc.

The Age of Active Defense

How security pros are turning back hacks

There's a new term that has taken hold in the cyber security community as strongly as the cloud has in the broader IT industry – it is called active defense. Active defense is an interesting term – it conjures up visions of large government data operations centers tracking incoming attacks and preparing to launch counter strikes against foreign agents sending over malicious packets in a spiteful response. But what really is an active defense?

At the recent RSA Conference, there was a lot of talk about the concept. It has been around for more than a decade, but has achieved new traction due to technologies that do a much better job of tracking, tracing and reassembling packets. Additionally, a growing cadre of security researchers and the explosive growth of security operations centers have enabled professionals to better coordinate to identify, isolate and locate malfeasant actors.

Recently, a U.S.-based security company, Mandiant, even publicly identified China as the source for many attacks. The Chinese, understandably, responded with facts of their own showing targeted cyber attacks within their geographical boundaries originating in the United States. See www.securityinfowatch.com/10881127 for the full story.

There are calls from some in our community to interpret active defense as a "hack-back," or returning attacks to organizations where they originate. Not only is this interpretation fraught with the technical problems of proxies and "false flag" incidents, it is also likely illegal under U.S. law. Of course, jurisdictional issues have always been a concern in cyberspace – as much depends on where the illegal activities take place and the laws in force there at the time. In an amorphous and interconnected digital world, our legal system can still only be invoked within geographical boundaries and international treaties.

How do you best interpret and implement active defense within your organization? To the savvy security practitioner, active defense is leveraging new technology to actively monitor and track aberrant behavior within organizational data management systems. This requires more effort than traditional preventative capabilities – it requires the use of new technologies that actually allow you to capture, analyze and identify attacks against your systems and data.

It is no secret that recent attacks have been far more sophisticated than previous hacking activities. Attackers are seeking out specific data resources and using our own ease-of-use capabilities to exploit vulnerabilities within our systems. Active defense is something you should be doing now. It is not about getting back at attackers – it is simply a return to the age-old first rule of security: protect thyself first.

John McCumber is author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. E-mail him at Cool_as_McCumber@cygnusb2b.com.
