By: Tony Pugielli on July 6th, 2018


What Is an "Active Adversary" Approach, and Is It the Future of Cybersecurity?


What Is an 'Active Adversary' Approach, and Is It the Future of CybersecurityPassive, reactive, and automated, the conventional whack-a-mole approach to commercial cybersecurity has failed. Instead, we must proactively address cybersecurity through measures such as the active adversary pursuit approach.

Military professionals have long acknowledged that no passive cybersecurity defense is invulnerable — the only way to effectively defend against online threats is to proactively target and disrupt the intruders before they come knocking. Yet cybercrime is increasingly prevalent in the private sector, in large part because defensive security teams are still waiting for criminals to make the first move.

That’s why some enterprise cybersecurity experts are taking a page from the military’s book. Security firms and private corporations are turning to an “active adversary pursuit” approach modeled after strategies originally developed by national security specialists.


Whack-A-Mole: The Traditional Approach

Conventional cybersecurity defense systems leverage a huge assortment of tools that are, by and large, passive, reactive, and automated. A combination of firewalls, encryption, security sensors, telemetry tools, and automated response protocols make up the basic framework of such systems.

No matter how advanced the actual technology in these systems are, the real problem is with the actual approach — nothing can be done to stop cybercrime until a criminal approaches and triggers these mechanisms. And of course, intruders aren’t just going to walk blindly into the traps that we set for them. Before they even attempt an attack, these criminals study, test, and develop tools with which to defeat them, like lockpickers with plenty of time and instantaneous feedback into what’s working and what isn’t.

What’s more, once hackers have breached these traditional security systems, they’re almost never detected until long after they’ve had free range to pilfer anything and everything of value. Once the breach is detected, defenders traditionally patch the vulnerability that was exploited, then wait for the cycle to repeat with another successful attack. The result is an futile game of whack-a-mole that leaves defenses continually reacting too late to an endless barrage of costly intrusions.


Active Adversary Pursuit: The Asymmetric Approach

What the perpetrators are not looking for is an active human defender, which is the element that makes active defense so attractive to many of the cybersecurity industry’s foremost experts.

First used in enterprise settings by a group of ex-military security professionals in 2013, an active adversary approach operates from the foundational belief that “the only effective counter” to malicious adversaries is another human being. The core strategy is to “pit an active, thinking defender against an active, thinking attacker.” These active defenders, trained to think like the adversary, can identify attack vectors before they occur and take preemptive steps to neutralize threats before the real damage is done.

Active adversary pursuit practitioners also use a kind of digital forensics in that they attempt to locate artifacts left behind by intruders in order to identify, monitor, and disrupt attacks — not just after the fact, but before and during them as well. The tactics these criminals use are constantly evolving, so security systems need good intelligence to stay updated. An active adversary pursuit approach puts a premium on the rapid acquisition and implementation of good intel.


The Right Approach to Cybersecurity

Commercial IT teams are often asked to wear many hats, and in the the daily crusade to keep the printers printing and the WiFi working, security often ends up taking a backseat. Given that a cybersecurity skills gap is already forcing many companies to think creatively about finding new security talent, very few enterprises are prepared to dedicate employees to full-time active defense.

That’s why these companies should reach out to the true experts in cybersecurity for help. Outsourcing cyberdefense to managed IT services providers with teams of dedicated defense experts like Turn-key Technologies can not only drastically improve your cybersecurity in the short-term — it can save your business plenty of time, resources, and money in the long run.