When I watch sports, like basketball, American football, or rugby, I am drawn to the defence. I find defence amazing. It might be why I’m utterly drawn to the San Antonio Spurs.
There is a counter-intuitiveness that goes with enjoying defence. The dunks, touchdowns, tries, and goals are sexy. And people strive towards the sexy.
I’ll admit, breaking is fun. Programmers design things to work and hackers find ways to think around the programmer. That’s hot.
Then we think of defenders. These blue-collar, hard-working everymen. They don’t get the love. They don’t get the movies made about them.
But if you are a fan of sports, you see something happening over and over. Offence might seem to win the game, because the team with the most points wins. But defence makes that win possible. When we think about what is possible, what we are able to do, we think about defence. We stop their stud. We block the ball. We win because we cannot be penetrated.
That’s why I like the idea of active defence in infosec. You don’t build a firewall and cross your fingers. You look and you listen. You analyse what is happening. You employ the help of engineers, machines, and analysts. And you see a problem. You reverse engineer the criminals’ malware. You find where they live. And you go after them.
The easiest points in basketball come from a turnover; the defenders make a steal or a block, pass the rock up the court, and an easy dunk ensues.
To be an active defender, you have to be a hacker. You have to be capable of attacking and you have to be capable of explanation and protection.
I want to explore active defence. I want to explore how we can identify a hacker and then make that hacker’s life miserable, because stealing money from people is not cool, because deleting someone’s photos is not cool, because shutting down a hospital is not cool. Let’s not just block the hackers from our network. Let’s block them and then pass that rock and make that dunk.