Active Cyber Defence means taking proactive action against an attack on internal systems and computers. It sits at the boundary between purely defensive and offensive action: detecting and intercepting an impending attack, either while it is still being prepared or as an act of self-defence once it begins. Active Cyber Defence encompasses the protection of sensitive information, the integrity of data stored on the network, the integrity and security of computer software and hardware, and the continuity of service in case of system failure. While it involves both prevention and response, in most cases Active Cyber Defence is initiated before the damage is done.
The goal of any Cyber Defence effort is to halt or prevent an impending attack. Most attacks are initiated from the outside world, so most Cyber Defence efforts focus on securing the systems that control external communications and information. Examples of these systems include the networks of centralised command and control facilities, the internal networks that support the operation of a business or the public sector, the internet itself, corporate and governmental networks, and any other systems used to provide information, processes, or services. They may also include a wide range of information security systems used to guard financial transactions, confidential information, or physical assets.
In order to protect the physical networks where information is stored, many measures must be put in place. For example, it is important to have a highly functional, redundant and scalable network that can withstand an ongoing attack. Another important feature is a system for responding quickly to an emergency or threat. In many cases there should also be a system in place to monitor system performance and identify problems in real time.
The effectiveness of a Security Management System depends on how the system is configured and managed. For example, when a network is configured to detect an impending attack and act upon it, the Security Management System may protect only the infrastructure at hand. This may include information held on the network's mainframe computers or located inside a particular building or network. In other cases, however, the Security Management System may also contain mechanisms to alert on and respond to an event outside the network, such as a fire alarm or smoke detector.
As a general rule, the more information the security system can access, the more information it can store and retrieve for later use. The more information the security system can store, the greater its ability to predict and prevent future threats.
In most cases, a Security Management System provides the basis for any ongoing cyber security effort, including Cyber Defence. However, it is not always necessary to employ a Security Management System when a more basic type of protection is in place. Often it is sufficient to have the basic system and infrastructure in place, such as an application firewall, and to add or supplement the security system as the need arises.