{"id":12083,"date":"2016-02-08T14:00:27","date_gmt":"2016-02-08T22:00:27","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=12083"},"modified":"2020-04-21T14:26:48","modified_gmt":"2020-04-21T21:26:48","slug":"the-cybersecurity-canon-offensive-countermeasures-the-art-of-active-defense","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/02\/the-cybersecurity-canon-offensive-countermeasures-the-art-of-active-defense\/","title":{"rendered":"The Cybersecurity Canon: Offensive Countermeasures:  The Art of Active Defense"},"content":{"rendered":"<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2015\/12\/cybersec-canon-red-500x218.png\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:43.6%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-large wp-image-11567 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2015\/12\/cybersec-canon-red-500x218-500x218.png\" alt=\"cybersec-canon-red-500x218\" width=\"500\" height=\"218\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2015\/12\/cybersec-canon-red-500x218.png 500w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2015\/12\/cybersec-canon-red-500x218-230x100.png 230w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2015\/12\/cybersec-canon-red-500x218-92x40.png 92w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/span><\/div><\/a><\/p>\n<p><em>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. 
We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number well beyond that.\u00a0<a href=\"https:\/\/paloaltonetworks.com\/threat-research\/cybercanon\/nominate-a-book.html\" target=\"_blank\" rel=\"noopener noreferrer\">Please write a review and nominate your favorite<\/a>.\u00a0<\/em><\/p>\n<p><em>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!<\/em><\/p>\n<p><strong>Book Review by\u00a0<\/strong><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/cyber-security-canon-bios.html\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Canon Committee Member,\u00a0Robert Clark<\/strong><\/a><strong>:<\/strong>\u00a0<em>Offensive Countermeasures: The Art of Active Defense (2013)<\/em>\u00a0by John Strand and Paul Asadoorian<!--more--><\/p>\n<h3>Executive Summary<\/h3>\n<p>John and Paul (PaulDotCom) state the intention of <em>Offensive Countermeasures: The Art of Active Defense<\/em> best, \u201cIt is our hope that this book is just the beginning of a wider conversation on the topic of hacking back.\u201d According to numerous reviews found online, most feel it accomplishes that objective and I would agree that it is only a start. It is written for those already in the information security space who have an understanding of defending networks. That said, many critiques found it light on substance and more of a cursory look at active defense. This and the subject matter make it a good read but not Canon-worthy. If the Canon requirement is \u201cTo identify a list of must-read books . . . where the content is timeless . . . 
if not read, will leave a hole in the cybersecurity professional\u2019s education that will make the practitioner incomplete,\u201d not reading this book will not leave a hole, only because there are now many other methods to obtain this information in an updated form. The book is an excellent introduction to many active defense methods. The introduction gives a cursory, but now dated, look at some legal cases, and then the text is divided into three core sections: Annoyance, Attribution and Attack.<\/p>\n<h3 class=\"Heading\"><span class=\"st\">About the People<\/span><\/h3>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/02\/strand.png\"><img loading=\"lazy\" decoding=\"async\"  class=\" size-full wp-image-12084 alignleft lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/02\/strand.png\" alt=\"strand\" width=\"155\" height=\"196\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/02\/strand.png 155w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/02\/strand-32x40.png 32w\" sizes=\"auto, (max-width: 155px) 100vw, 155px\" \/><\/a>John Strand is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education. John is the course co-author of SANS 504: Hacker Techniques, Exploits, and Incident Handling.<\/p>\n<p>When not teaching for SANS, John co-hosts Security Weekly, the world's largest computer security podcast. He is\u00a0the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. 
He has presented for the FBI, NASA, the NSA, and at DefCon.<\/p>\n<p>PaulDotCom is, well, PaulDotCom.<\/p>\n<h3>The Story<\/h3>\n<p>As the book title states, <em>Offensive Countermeasures<\/em> breaks active defense down into three categories: Annoyance, Attribution and Attack. Annoyance is basically wasting an attacker\u2019s time, and this section introduces the reader to one of the military\u2019s favorite acronyms, OODA: observe, orient, decide and act. Attribution is just that: knowing not only who is attacking you but also their capabilities and tactics. Finally, Attack helps one develop approaches to \u201cplanning and thought\u201d and to gaining access to an attacker\u2019s systems. Bookending the three core sections are an introduction covering some dated legal decisions and a final chapter on Core Concepts.<\/p>\n<p>For full disclosure, I am a cyberspace attorney with some decent technical understanding. So I defer to many of the supposed \u201ctechies\u201d who have posted reviews online as to the technical content of the three main chapters. The majority state that this is a good overview, but short on substance, and even refer you to John and Paul\u2019s podcasts. Moreover, John\u2019s instruction on this topic can be found in numerous places, such as SANS, Black Hat, podcasts, etc. I would assume that information is more up-to-date than when this book was published in 2013.<\/p>\n<p>Again I fall back on the authors\u2019 intent, to get the discussion going. I think their introduction to the Attack section states it best, \u201cThis is the step of this book that you will need to work out with your legal department. You may also want to coordinate with law enforcement as required.\u201d I try to espouse Clark\u2019s Law as a rival to Moore\u2019s Law: get your lawyers involved early and often so they don\u2019t slow down operations and can get you to yes. 
Explain the technology at a third-grade level to them (lawyers) so we can understand it and explain it to senior leaders (C-Suite) or others. So I appreciate John and Paul\u2019s introducing the book with the law and their caveats throughout the book.<\/p>\n<h3>Conclusion<\/h3>\n<p>I\u2019ll leave it to an Amazon review of <em>Offensive Countermeasures<\/em> by a Mr. Anderson in September of 2013, \u201cOverall this book provides a good review of high level concepts with some minor depth of what organizations can do to better protect their assets using both defensive and offensive strategies. I was just hoping for a more technical explanation, and more advanced techniques, but the book does cover what it states.\u201d<\/p>\n<p>And the final word goes to John\u2019s SANS colleague, lawyer Benjamin Wright, who stated a couple of months before that, \u201cThis book helps the public debate about computer defense get beyond some old, worn-out taboos. Lawyers, politicians and government officials need to read this book and expand their understanding of effective, ethical digital security and privacy.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. 
We have more than 25 books on the initial candidate list, but we are soliciting &hellip;<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,4521],"tags":[251,1750,1749,1751,415],"coauthors":[1286],"class_list":["post-12083","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-2","category-canon","tag-cybersecurity-canon","tag-john-strand","tag-offensive-countermeasures","tag-paul-asadoorian","tag-sans-institute"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/12083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=12083"}],"version-history":[{"count":3,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/12083\/revisions"}],"predecessor-version":[{"id":109912,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/12083\/revisions\/109912"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=12083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=12083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=12083"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=12083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}