
Defensive Strategy - The 4 Principles of Active Defense

ChrisCalvert 05-21-2014 09:59 AM - edited 07-07-2015 11:15 AM

A basic principle of warfare is to seize, retain and exploit the initiative. And let's be honest, we are living with an Internet that occasionally feels like warfare and we aren't allowed to fight back. Initiative is what we, as defenders in the cyber domain, have never had; in fact, we don't like to admit to ourselves that we are both in a fight and often losing. But there are enterprise security products that can help you know your enterprise to defend your critical information.


It’s worth discussing the question: “What, exactly, does it mean to have the initiative?” If you are waiting on your adversary to do something, at which point you will respond, you do not have the initiative. If you are building static defenses to protect yourself and your key assets, you still do not have the initiative. To have the initiative, you must be actively creating the scenarios where you intend to draw in your adversaries and demolish them. Once they make contact with your network, if they are responding to your tripwires and traps, or are being unknowingly mined for intelligence, THEN you have the initiative. This is an active defense.


There are 4 principles of defense that have been subjected to thousands of years of scrutiny and refinement. These are the principles of:

1. Security
2. Disruption
3. Flexibility
4. Mass


Security means that you know the area you are protecting and can keep track of assets, identities, networks, vulnerabilities, etc. Protecting the forces available to you so that you can employ them at the appropriate time in an active defense is step 1. This is the most boring and yet likely the most important aspect of an overall enterprise defense.


Disruption is the principle that you should never allow an attacker a break; find every way you can to disrupt their activities or to mislead them as they assess their impact on your environment (this assessment is sometimes called battle damage assessment). This is also the time and place for active measures designed to slow down an adversary, gain valuable intelligence on their methods, and then share that information with the remainder of your defenders to specifically harden the rest of your enterprise against an on-going attack.


Flexibility is actually a relative principle. You need to preserve as many options as you can while limiting the options available to your attacker. The successful application of flexibility means you can sustain damage and recover from it much faster than an attacker can take advantage of that fact to get in front of an on-going attack. 


Mass is where you gain numerical or capability superiority at a specific place and time critical to countering an attacker and potentially even counter-attacking within the bounds of law. Anything that can be done to limit the amount of relative force an attacker can bring to bear and to increase the momentary force you bring to the defense fits under this principle.


While an attack lifecycle is a valuable tool for understanding the expected progression of an attack, to be truly effective it should be combined with the 4 defensive principles. Using defensive principles along with active intelligence and network deception offers the best hope to defeat an enemy you cannot pursue. I will discuss each of these in more detail in future posts. For more information on how HP’s enterprise security products can help you know your enterprise to defend your critical information, visit
