Blog Posts

“Active Defense” definition!

Many recent articles on "Active Defense" seem to just sensationalize the topic and draw broad sweeping conclusions based on so-called experts with little research, though analysis, or seeking to help resolve the true problem, that companies today are under massive attack with little to no help.

  "Active Defense" has made a lot of headlines lately.  Most relate it to hack back.  The main complaint or concern by those against "Active Defense" and many of those just being cautious, is that without attribution of your attacker you could be hitting an innocent bystander.  I say bunk.  Attribution is not that important.  Read on.

Ever wonder how you would do digital forensics if the data you have placed in the Cloud was hacked or compromised?  Well, thinking about it before it happens is your first step and your best step.

In this post I discuss my views on Active Defense in the context of setting the record straight on what I said in a recent Bright Talk panel discussion.  Is Active Defense illegal?  No!  Is attribution impossible?  No! And many other issues.

  Much has been written lately about active defense, or as some call it, hack back.  Unfortunately much of what has been written puts it in a negative context.  When you really understand what active defense is you will quickly see that active defense will help companies improve their security posture.

  As a business owner do you believe you could identify all of the potential risks to your business?  Is cyber security or data breach one of those identified risks?  If yes what have you done about it?  If no, why not, is your security better than the Pentagon, CIA and the White House, because they got hacked.

A lot of noise has been made lately about hack back, active defense, cyber self-defense, or what amounts to this question: should companies be able to hack back to deal with all of the cyber attacks they are currently facing?  Well, it depends?  But that is another discussion.  My question is what will the Auernheimer decision do to the theories of the security professionals who seem to advocate hack back?  Will they continue to advocate or quickly back off?

At RSA Europe last week Davi Ottenheimer and I introduced our "Active Defense" package and how companies can take the fight to the hackers beyond their network.  Vigilantism?  No!  But you decide.  Here is the link the write up in the UK Register:http://m.theregister.co.uk/2012/10/12/active_defence/, or see the whole article here.

See my recent article published on FoxNews.com opinion section.  Protecting yourself and your business from cyber attacks in light of the White House hack by the Chinese.