As the ecology of online attacks has evolved, so have defenders' methods. In 2009, the then-classified Comprehensive National Cyber Initiative -- the U.S. government's cyber security strategy -- espoused the concept of offense informing defense. The maxim suggested that defenders needed to use data from actual attacks to help them create specific defenses to protect critical infrastructure and corporate networks. In the past two years, security professionals have increasingly embraced the concept but have generally not ventured outside their own firewalls.
Now, some security experts are recommending that companies take it further and that defenders should go on the attack. At the Source Boston security conference last week, for example, Iftach Ian Amit, an independent security consultant who claims to have conducted several offensive operations, told attendees that companies need to consider counterintelligence operations.
"We can be much more active" in defending our network, he said. "Counter intel is fair game.... Everything around is yours; you better know everything that goes on out there."
While attackers do reconnaissance and information gathering on their corporate targets, most companies are taking a passive stance and waiting for an attack, he said. Like medieval defenders of a castle, today's companies are sitting behind their digital walls with only a narrow view of what's happening outside their network. Instead, companies must collect intelligence and act to blunt attacks before they happen, Amit said. They should do their own research on attackers, figure out which ones are behind any probes targeting their networks and conduct limited attacks in return.
"You want to find out who's leaking data? Put data that looks interesting inside an organization, and see where it ends up," he said. "It works. Trust me, we've done this numerous times. It's fun."
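The decoy-data approach described in the quote above, sketched as an added example that is not from the article or from Amit: each planted record carries a marker unique to the place it was planted, so a later sighting points back to the source. The marker format, location names, key and log lines are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: the key is stored away from the systems that hold the decoys.
SECRET = b"constructed-demo-key"
TOKEN_RE = re.compile(r"ACCT-[0-9A-F]{16}")


def make_token(location: str) -> str:
    """Derive a unique, unguessable marker for one planting location."""
    digest = hmac.new(SECRET, location.encode(), hashlib.sha256).hexdigest()
    return "ACCT-" + digest[:16].upper()


def seed(locations):
    """Return {token: location} for every place a decoy record is planted."""
    return {make_token(loc): loc for loc in locations}


def trace(lines, registry):
    """Return (line_number, location) for each planted marker seen in text."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line):
            # A string with the right shape that we never issued is ignored.
            if token in registry:
                hits.append((number, registry[token]))
    return hits


# Constructed planting locations (hypothetical names).
LOCATIONS = ["fileshare:finance-forecast", "crm:partner-export", "mail:exec-inbox"]
REGISTRY = seed(LOCATIONS)

# Constructed text observed outside the organization, e.g. egress or paste data.
OBSERVED = [
    "2024-01-01T10:00:00Z POST upload.example.net body=meeting notes",
    "2024-01-01T10:05:00Z POST upload.example.net body=name,"
    + make_token("crm:partner-export") + ",balance",
    "2024-01-01T10:09:00Z POST upload.example.net body=ACCT-0000000000000000",
]

if __name__ == "__main__":
    for number, location in trace(OBSERVED, REGISTRY):
        print(f"line {number}: decoy planted at {location} has left the network")
```
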