Mike Mimoso has a very good article on active defense at Threatpost. (Yes, we are linking to them a lot today).

While every corporate general counsel, CIO and anyone with a CISSP will tell you that hacking back against adversaries is illegal and generally a bad thing to do, there are alternatives that companies can use to gain insight into who is behind attacks, collect forensic evidence and generally confound hackers, perhaps to the point where they veer away from your network.

The one thing the article doesn’t spend enough time on is how useful these approaches can be for triggering alerts in your security monitoring. Especially if you correlate two or more events, which are highly unlikely to be a false positive.

I wrote about this last June with some definitions.

Finally, the CrowdStrike guys need to get their messaging lined up. Mixed messages aren’t great when you are in pretend-stealth mode.

Share: