Cybersecurity professionals tend to focus more on the defensive side of security. That’s the nature of the job after all—when adversaries attack, we defend.
But defense is only half of the equation.
Hackers are always evolving their tradecraft. They’re finding new ways to break into networks and systems, and they’re getting very good at defense evasion. With all the new tactics, techniques and procedures attackers are using, the traditional approach of defense-only cybersecurity isn’t enough.
Many businesses are realizing the need to develop both offensive and defensive strategies. But what’s best to focus on, playing offense or playing defense?
Defensive cybersecurity is all about blocking. This could come in the form of both tools and actions. You have your defensive tools that are designed to prevent or mitigate the effects of a cyberattack—such as antivirus software, firewalls, etc. And then you have your defensive actions, which include things like patching software and fixing system vulnerabilities.
Offensive cybersecurity, on the other hand, is all about tackling and outmaneuvering. The focus here is on seeking out the hackers, and in some cases, attempting to disable or “hack back” to disrupt their operations. Offensive cybersecurity can also help identify vulnerabilities or weaknesses in your defense. It’s a slightly more proactive approach to security and can include practices like penetration testing and threat hunting.
No matter which side of the field you’re on, the goal of any cybersecurity strategy should always be preventing the hackers (a.k.a. the opponent) from winning. But that brings us back to our original question: should we be playing offense or defense in cybersecurity?
The answer is both.
The best teams know how to block and tackle. In cybersecurity, building the best possible defense means folding in some offensive strategies to gain intel on attackers and how they’re trying to penetrate your systems.
As I mentioned, almost every business or IT team has implemented the basics—that’s typically your AV, firewall, two-factor authentication, etc. But vulnerabilities exist at multiple touchpoints today and the basics just can’t keep up anymore.
There’s no single layer of security that will keep you protected. To solve for this, we’ve started adding more layers and talking about defense in depth. With a multi-layered approach like defense in depth, the idea is to make initial access or compromise harder for the hacker. When you group a series of defenses together—like intrusion prevention, data encryption, supply chain management, user privilege policies and patch management—you effectively close the holes that one single solution can’t address.
But of course, a fish will get through a net if it’s small enough. A forward will get past a defender if they’re fast enough. A hacker will bypass defensive security layers if they’re skilled enough.
One of the more problematic (and costly) gaps most businesses have is they lack the ability to identify attackers once they are already inside the network. So how are you expected to defend against something you don’t even know is there?
The key is faster threat detection, which starts by unleashing more offensive techniques to uncover the hackers who are hiding in your environment.
The hardest part is that this first requires a mindset shift—from doing all you can to prevent a breach, to assuming compromise and hunting for clues or breadcrumbs. That’s the main idea behind zero trust security.
One of the better ways to get on offense is to go threat hunting. Threat hunting is an offensive technique of searching for cyber threats that are lurking in the shadows. But according to a 2020 survey we took of 350+ IT professionals, 82% claimed they do not have a strong working knowledge of threat hunting.
Essentially, threat hunting allows you to turn the tables on attackers and take a more proactive approach to cybersecurity. Whether through an internal team or partnership, having defenders proactively looking for indicators of pending or active threats can make all the difference in stopping cyberattacks in their tracks.
Instead of waiting to be notified of a breach, this approach heavily relies on threat intelligence and understanding hacker tradecraft.
And the best threat hunting doesn’t rely on automation or artificial intelligence to do this—it uses human analysts who can think like the enemy and know how to identify warning signs.
Of course, there’s a level of skill and knowledge required to be a threat hunter—which brings me to the next best offensive technique: education.
Continuous learning and cyber education can help fine-tune your skills and stay one step ahead of attackers. For example, capture the flag challenges like or are great exercises to boost your own knowledge and put your skills to the test. There’s also no shortage of cybersecurity-focused events and conferences you can attend to exchange experiences with your peers and hear from experts on how they go about handling and mitigating the latest threats.
If you’re ready to level up your skills, you should re-watch all of our sessions from hack_it 2021.2! You'll learn from industry experts as they solve cyber crimes, peer into the corners of the dark web and even cook up some macro-enabled malware. Our sessions were packed with useful tips and tricks—if you missed the live event, you can catch all the recordings here.