Access your Pro+ Content below.
Offensive security involves proactive deception tactics
This article is part of the February 2013/ Volume 15 / No. 1 issue of Information Security magazine
The discussion about the viability of enterprises to go on the offense against cybercriminal gangs is reaching a fevered pitch, with most experts questioning the legality of striking back at attackers. But security experts point out that there are some “offensive-like” tactics that have the ability to drive up the cost of hacking into a corporate network, and if deployed properly, the techniques could have a major impact on the threat landscape. “There are interesting questions about how far one can go and what types of attackers striking back will actually be effective against,” said Hugh Thompson, chief security strategist at Sunnyvale, Calif.-based Blue Coat Systems Inc. and RSA Conference program committee chairman. Thompson said he anticipates a greater discussion about offensive tactics in sessions at the annual security event scheduled at the end of February. “It doesn’t necessarily have to go from zero to launching a full out assault against cybercrime infrastructure. It could be much more subtle things like feeding ...
Features in this issue
Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.
2013 IT security trends reveal mobile device security tops the list of priorities for security pros this year.
Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.
News in this issue
Going on the offense doesn’t mean actively targeting cybercriminals, experts say. Deceptive tactics, phony documents can help trip up attackers.
Columns in this issue
Information Security Magazine reveals the results of its 2013 Security Priority Survey and examines the security risks associated with purchasing IT hardware from China. Elsewhere in the issue, infosec pros share their strategies for BYOD security.
University information assurance programs are varied, but they are beginning to provide technology disciplines a level of security knowledge.
No ultimate test can give third-party software a clean bill of health, but careful assessment can help organizations gain more control over vendors.