What these five strategies show is that, in essence, active defense is a playbook that puts security analysts in a position they are not often in: playing offense. Some of these techniques can be used outside of active defense, but they are more powerful when used collectively in an active defense context. It is likely that once the power of deception and active defense is well understood, deception will become a standard layer in most cybersecurity portfolios.
The patterns of cyber attacks are well known, and so are the targets. The bad guys are seeking to break in to get valuable data or take actions that benefit them, and they want to go undetected for as long as possible. There are a number of solutions out there dedicated to prevention, system lock-down, prevention of lateral movement, and detection of anomalous behavior.