Attivo Networks Blogs

What is Active Defense?

An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult to carry out. Slowing down or derailing attackers so they cannot advance or complete their attack increases the probability that they will make a mistake and expose their presence or reveal their attack vector.

While the term active defense is often associated with military applications and protecting critical infrastructure and key resources (CIKR), it also applies to information technology (IT) security. In cybersecurity, an active defense raises the financial cost of an attack in terms of wasted processing power and time. Applying offense-driven strategies is critical to being able to detect and stop not only external threat actors, but also insiders and attackers with varying motivations including ransomware, extortion, and cryptojacking.

An active defense complements offense-driven actions so that organizations can proactively detect and derail attacks early and gather the threat intelligence required to understand the attack and prevent a similar recurrence. Sometimes active defense includes striking back at an attacker, but this is normally reserved for military and law enforcement agencies that have the resources and authority to confirm attribution and take appropriate action.

Deception technology often plays an important role in active defense. It is designed to detect an attacker early in the attack cycle by obfuscating the attack surface with realistic device decoys, attractive bait, and breadcrumbs that misdirect the attack. The deception environment tricks the attacker or malware into engaging and leads them to believe they are escalating their attack, when in fact they are wasting their time and processing power and may actually be providing the defender with counterintelligence.

The forensic information gathered through an active defense can then be applied to prevention, isolation and threat hunting defenses to stop a live attack, find forensic artifacts and prevent the attack from resurfacing. For a full active defense, the activities don’t stop at detection, but provide equal value in attack analysis, forensic reporting and the use of automation to expedite incident response.
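As an added example, not from the original post and not Attivo's own product code: a small detector that treats any authentication attempt with a planted decoy account, or against a decoy host, as a high-confidence alert (even a failed attempt, since the bait has no legitimate use) and builds the per-source summary a responder would start isolation and threat hunting from. The account names, hostnames and log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed decoy identities: planted as breadcrumbs (saved credentials, SSH config
# entries) on production hosts. Nothing legitimate uses them, so any attempt is a signal.
DECOY_ACCOUNTS = {"svc_backup_admin", "db_readonly_legacy"}
DECOY_HOSTNAMES = {"decoy01"}  # decoy servers nobody should ever log in to

# Constructed sample log lines in sshd / auth.log style (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:01 fs01 sshd[2231]: Accepted publickey for alice from 10.0.2.15 port 51022 ssh2
Jan 12 03:15:09 fs01 sshd[2240]: Failed password for svc_backup_admin from 10.0.2.15 port 51030 ssh2
Jan 12 03:15:12 fs01 sshd[2241]: Failed password for invalid user db_readonly_legacy from 10.0.2.15 port 51031 ssh2
Jan 12 03:16:40 decoy01 sshd[411]: Accepted password for svc_backup_admin from 10.0.2.15 port 51040 ssh2
Jan 12 03:20:00 fs01 sshd[2260]: Accepted publickey for bob from 10.0.3.7 port 40110 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)

def parse_auth_line(line):
    """Extract timestamp, host, result, user and source IP; None if not an auth event."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def detect_decoy_use(log_text):
    """Return (alerts, summary): one alert per decoy touch in log order, plus a
    per-source-IP summary of decoy users/hosts touched and the time window."""
    alerts = []
    summary = defaultdict(lambda: {"users": set(), "hosts": set(), "events": 0,
                                   "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        ev = parse_auth_line(line)
        if not ev or not (ev["user"] in DECOY_ACCOUNTS or ev["host"] in DECOY_HOSTNAMES):
            continue
        # A successful login means the intruder is now inside the decoy environment.
        sev = "critical" if ev["result"] == "Accepted" else "high"
        alerts.append({"severity": sev, "src": ev["src"], "user": ev["user"],
                       "host": ev["host"], "ts": ev["ts"]})
        s = summary[ev["src"]]
        s["users"].add(ev["user"])
        s["hosts"].add(ev["host"])
        s["events"] += 1
        s["first_seen"] = s["first_seen"] or ev["ts"]
        s["last_seen"] = ev["ts"]
    # Sets become sorted lists so the report is deterministic and serialisable.
    return alerts, {src: {**s, "users": sorted(s["users"]), "hosts": sorted(s["hosts"])}
                    for src, s in summary.items()}
```

Run against SAMPLE_LOG it yields two "high" alerts for failed decoy logins on fs01 and one "critical" alert for the successful login on decoy01, all attributed to 10.0.2.15.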
