Active Defense The “active” part of Active Defense is realized by the execution of deliberately planned sets of defensive operations that are known as “missions.” The use of the term “mission” conveys the fact that the operational process proceeds with a signiÕcant amount of analytical rigor and discipline in order to achieve maximum effectiveness in accomplishing the organization’s security goals. Missions are planned in response to speciÕc threat intelligence in the unique context of the defended organization. Active Defense benefits are clear: • For the security operations team, Active Defense provides a deÕned set of improvement activities rationalized by CTI and connected to achievable objectives. The team builds countermeasures, hunts hidden intruders, and fortiÕes defenses based on real reporting about the behavior of real attackers. • For decision-makers, Active Defense connects resource deployment directly to measures of cybersecurity program effectiveness. Instead of focusing on performance measures like the “number of patches applied” and the “number of tickets closed,” effectiveness is demonstrated via a decrease in successful targeted attacks and a decrease in the time required in discovering and eradicating the attacks that were successful. For more information, please see www.ey.com/activedefense