Flat Slovník

Active defense

A proactive cybersecurity strategy that uses threat intelligence, threat hunting, and deception technologies to anticipate, disrupt, and mitigate cyber attacks before they cause significant impact.

Active defense is a proactive, intelligence-driven cybersecurity strategy that goes beyond traditional passive security measures such as firewalls and antivirus software. Rather than simply fortifying defenses and waiting for attacks to occur, active defense involves continuously monitoring, detecting, and responding to threats in real time — or even pre-emptively. It leverages threat intelligence to understand adversary tactics, techniques, and procedures (TTPs), enabling security teams to anticipate and disrupt potential attacks before they cause significant damage.

Key operational practices within active defense include proactive threat hunting to uncover hidden intrusions, deploying deception technologies such as honeypots to lure and study attackers, and executing rapid incident containment strategies. The core objective is to increase the cost, complexity, and risk for adversaries while reducing their dwell time within compromised networks. By transforming cybersecurity from reactive damage control into an agile, forward-looking discipline, active defense systematically strengthens an organization's resilience against persistent and sophisticated cyber threats.

← Back to Glossary