
(ENG) Active Defense Gray Zone – Intro

29.4.2022

This is the English version of our older article in Czech.

——————————

This article answers the questions of what Active Cyber Defence (ACD) and the Active Cyber Defence Gray Zone (ADGZ) are and how they can be used.

The definition of active cyber defence has been addressed in the past by, for example, the University of Washington, which defined the term as a range of techniques (for us more like TTPs) that should be implemented to increase the resilience of an environment when defending it against today's modern cyber threats. It is important to emphasize that when defending our own environment against new threats, given their complexity and criticality, we as defenders must also adopt ever newer TTPs, some of which may lie on the edge of what is and what is not yet legal. A prerequisite for this is cooperation between the private and public sector (note that the publication was written for the US federal authorities and individual states), since each sector has different (legislative) possibilities for using the tools.

The author team defines ADGZ (in translation) as "…a term that encompasses a spectrum of proactive cybersecurity measures that fall between traditional passive defenses and offensive defenses. These activities fall into two general categories, the first of which includes technical interactions between the defender and the attacker. The second category of active cyber defense includes those operations that allow defenders to gather intelligence about threat actors and indicators on the Internet, as well as other policy tools (e.g., sanctions, indictments, trade remedies) that can change the behavior of malicious actors. The term active defense is not synonymous with 'hacking back' and the two terms should not be used interchangeably…" and pursues the goal of emphasizing the need for cooperation between the public and private sectors and the possibility of using the individual TTPs collaboratively. We, on the other hand, view ADGZ as a range of options for approaching the security of our own environment, and as a guide to using them without crossing the line that ADGZ draws.


Original definition of ADGZ

Source: Into the Gray Zone: Active Defense by the Private Sector against Cyber Threats


ADGZ by DCG420 v1.0

Our definition of ADGZ is naturally based on the University of Washington's, but we have modified and unified some of the TTPs with respect to how they are used and approached.

How to perceive ADGZ

In order to understand and visualize the Gray Zone at all, knowledge of the classic cyber kill chain, which divides an attacker's actions into distinct phases, is essential. From this concept it is possible to derive essentially three basic phases of an attack, beneath which sit the individual steps of the kill chain.

These stages are:

Phase 1: External preparation of the attacker: (I. Research, II. Creation of malware, III. Decision on the target of the attack)

Phase 2: Disruption: (IV. Delivery, V. Gaining a foothold)

Phase 3: Active Penetration: (VI. Establishing a connection with C2, VII. Extension and preparation, VIII. Activities to meet the objective(s))


These phases are especially important for understanding the attacker's actions. The attacker does not necessarily proceed from one step to the next, but can go back or skip steps. Defense in depth tries to counter each step of the attacker, but, according to the statistics, it is unfortunately not very successful at it. It is therefore necessary to complement this passive defense with proactive and active defensive elements, while staying short of the offensive operations phase. The goal is to gain as much information about the attacker as possible and then turn his attention to targets in a controlled deceptive environment. There it is possible to exhaust the attacker's resources and thereby deter him from attacking further, or keep his activity under control.


ADGZ by DCG420 v1.0


Changes:

  • Creation of the category Deterrence
  • Creation of the category Intelligence sharing
  • Creation of the category Red teaming
  • Merging of Beacons categories

Simplified designation of high-impact categories (in orange): these TTPs may only be carried out by a body designated by legislation.
