C ondu cting an A ctive D ef ense A ctive D ef ense consists of delib erately planned and ex ecu ted def ensive actions called “missions.” Each mission is followed by activities designed to capture lessons learned and enhance organizational learning. Missions include one or more specific objectives and a defined end-state, and they may last between one day and several weeks. Mission ob j ectives ty pically inclu de the implementation of one or more targeted cou ntermeasu res to defeat specific threat scenarios or deliberately planned activities to identify hidden intruders (hunting). A lthou gh individu al missions may take the f orm of proj ects, an A ctive D ef ense program is conducted as an iterative operational cycle. Each cycle focuses on defending a specific asset or group of assets from a specific threat actor and may include one or more missions. The operational cycle includes phases for planning, mission execution (of one or more missions) and cycle review. Each mission within the operational cycle also includes analogou s phases f or planning, ex ecu tion and review . Identif y likely W eekly Analyze threat actors and Define desired Plan CTI brief scenarios end- state H igh- valu e asset or adversary f ocu sed Realize improvements M aintain D el iberatel y E x ecu te p l anned, m ission H arden focused Com p l icate H u nting or fortification R eview C aptu re lessons A chieve desired learned end- state E nhancing y ou r secu rity operations w ith A ctive Def ense | 7
Enhancing your Security Operations with Active Defense Page 8 Page 10