Cyber Defense

Cyber Defense

Anticipatory Active Defenses by Bryce Galbraith

bryce-galbraithWe IT pros often commiserate about our struggles to implement effective security within our organizations, butAPTs have no sympathy for our challenges and frustrations. They know we struggle; they're counting on it. They know application whitelisting in full lockdown is hard to implement. They know passwords are the bane of security. They know most organizations aren't even close to fully implementing the Critical Security Controls, and they know social engineering works. So they relentlessly and methodically seek out our weaknesses and exploit them without mercy. If we fail, they win. It's that simple.

Bryce Galbraith is a SANS instructor who has spent over 20 years studying how hackers do these things. He


Announcing the online winners of...

The Final Cyber Defense Challenge 2015 Leaderboard

CD_Challenge_Top50_Wk9 (2)-page-001


Cyber Defense Challenge 2015 Week 8 Results by Week, Top 50 and Alphabetical Order


Cyber Defense Challenge Leaderboard Week 7 by Week, Top 50 and Alphabetical Order

CD_Challenge_Alpha_Wk7-page-001 (1)

FAQ on Law of Active Defense by Attorney Benjamin Wright

Q: Is Active Defense a well-defined topic in law and professional ethics?

caption id="attachment_8227" align="alignleft" width="214

_RGP2269_web Attorney Ben Wright

A: No. A great deal of cyber law, including Active Defense, is not well-defined. In cyber law, there is never a 100% guarantee that legal authorities will reach any particular conclusion about any particular activity. Legal understanding of topics like infosec and cyber crime is fluid and rapidly changing.

Q: What are leading US laws that could be relevant to Active Defense?

A: One is the federal Computer Fraud and Abuse Act. It generally forbids accessing a computer without authority and causing harm. Another is the