Tech Tidbit – The best defense may be a good offense

April 24th, 2025

"The best offense is a good defense."

-Author Unknown

"The best defense is to go on offense."

-Scott Quimby

If you have been reading our Tech Tidbits over time, you know that a Security Operations Center (SOC) providing 24x7x365 "eyes on glass" over your endpoints, or better still over your entire network, firewalls, and the rest of your infrastructure, is the best-of-breed protection available today.

We think of SOCs as the ultimate defense, with SOC analysts walking the walk to keep your district safe.

However, what is slowly coming to light is that when many SOCs alert and go "shields up" to maximize defensive protection against the bad guys, the department down the hall is coordinating an active counter-offensive: reversing the stream and using the same telemetry to go after the bad guys who are attacking you!

How cool is that?

Most of these SOC and EDR vendors maintain "Red Teams" of white-hat hackers who actively try to break the vendors' own latest releases and configurations. This is one test used to validate that a new release or configuration holds up against real attack techniques before it reaches customers.

What has been unspoken in most circles is that when bad things happen, some of these internal Red Teams turn their attention to the bad guys, trying to take them out or at least slow them down while their clients are under attack. It is right out of a movie script.

Imagine having your own little secret cyber army waiting to inflict pain on anyone who attempts to break into your network.

Vendors are reluctant to discuss their covert offensive capabilities, so we hear many "I can't confirm or deny" statements, but the whispers are increasing.

And remember, I was never here, and I said nothing.

-Scott Quimby

Senior Technical Advisor, CISSP

Acture/CSI