Active defense has long been a staple of government security teams protecting the nation-state, but the use of these methods at the enterprise level is a source of great debate. Many in the security community fear unregulated vigilantism, or harsh punishment for penetration testers and "white hat" hackers who are simply looking for vulnerabilities. Legislation recently proposed at the federal and state levels would allow corporations to "hack back" when under threat of persistent attack, but it is too vague and lacks a clear definition of what "hack back" means. In this session, Columbia University Computer Science Professor Salvatore Stolfo will examine the differing degrees of active defense methods: there are strategies organizations can use to protect their data without becoming vigilantes, breaking laws, destroying systems, or posing a threat to personal or public safety.
One such active defense strategy for organizations to consider is the non-lethal knowledge attack against the adversary, using scalable deception technology. In this scenario, AI-powered decoy documents feed phony but highly believable data to the adversary. The attacker essentially self-selects the knowledge-attack response by the act of hacking in and exfiltrating the decoy documents, which leaves the adversary uncertain whether anything of value was actually stolen. In a knowledge attack, the intruder's systems and devices are not affected or intentionally harmed. The key challenge is to avoid interfering with the target victim's own business processes: decoys must never be mistaken for real data by legitimate users or workflows. This strategy shifts the asymmetry of the defender/attacker game in favor of the defender, and is entirely legal with respect to current federal and state legislation.
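The "self-selecting" property described above can be illustrated with a small honeytoken scheme. The following Python is an added example written for this page; it is not code from the session, from Professor Stolfo, or from any deception product. It assumes a made-up marker format (`ACQ-nnnn-hhhhhhhhhhhh`) that is meant to look like an ordinary internal reference number, and a defender-held secret used to key an HMAC so that only markers the defender minted can trigger an alert. Each decoy carries one such marker; nothing is done to the attacker, and the only "response" is that the defender learns which decoy was taken when the marker later turns up in exfiltrated data, a paste, or a phishing lure.

```python
"""Decoy documents with a verifiable, self-selecting marker (constructed example)."""
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Assumption: a per-deployment secret known only to the defender. Constructed value;
# in practice this is generated once and kept out of the decoy files themselves.
DECOY_SECRET = b"constructed-example-key-rotate-in-production"

# Marker format is an assumption of this example: a 4-digit decoy id plus a
# 12-hex-char truncated HMAC over that id, styled as an internal reference number.
MARKER_RE = re.compile(r"\bACQ-(\d{4})-([0-9a-f]{12})\b")


@dataclass
class DecoyRegistry:
    """Which marker belongs to which decoy; the defender keeps this, never the decoys."""
    entries: dict = field(default_factory=dict)  # marker -> (decoy_id, title)


def _mac(decoy_id: int) -> str:
    """Truncated HMAC-SHA256 binding the marker to the defender's secret."""
    msg = f"acq:{decoy_id}".encode()
    return hmac.new(DECOY_SECRET, msg, hashlib.sha256).hexdigest()[:12]


def make_marker(decoy_id: int) -> str:
    return f"ACQ-{decoy_id:04d}-{_mac(decoy_id)}"


def render_decoy(registry: DecoyRegistry, decoy_id: int, title: str,
                 counterparty: str, amount: str) -> str:
    """Produce a believable but phony document carrying exactly one marker.

    The content is plausible deal data; the marker is the only link back to
    the defender. Placement (where the file is dropped so that only an intruder
    would read it) is outside this example and is what keeps legitimate
    business processes untouched.
    """
    marker = make_marker(decoy_id)
    body = (
        f"{title}\n"
        f"Internal reference: {marker}\n"
        f"Counterparty: {counterparty}\n"
        f"Indicative consideration: USD {amount}\n"
        "Distribution: Deal team only. Do not forward.\n"
    )
    registry.entries[marker] = (decoy_id, title)
    return body


def scan_for_decoys(registry: DecoyRegistry, blob: str) -> list:
    """Report which decoys appear in a blob of exfiltrated or leaked text.

    A hit requires both a registry match and a valid MAC, so a look-alike
    reference number an attacker or a real document happens to contain
    cannot raise a false alert. Each decoy is reported once.
    """
    hits, seen = [], set()
    for m in MARKER_RE.finditer(blob):
        marker, decoy_id, tag = m.group(0), int(m.group(1)), m.group(2)
        if marker in seen or marker not in registry.entries:
            continue
        if not hmac.compare_digest(tag, _mac(decoy_id)):
            continue
        seen.add(marker)
        hits.append({"decoy_id": decoy_id, "title": registry.entries[marker][1],
                     "marker": marker})
    return hits


if __name__ == "__main__":
    reg = DecoyRegistry()
    doc = render_decoy(reg, 17, "Project Helios term sheet", "Northwind Holdings", "42.5M")
    render_decoy(reg, 18, "Project Iris LOI", "Contoso Capital", "9.8M")
    # Constructed "exfiltrated" text: one real decoy plus two look-alike markers.
    leaked = doc + "\nACQ-0017-000000000000 ACQ-0099-deadbeefcafe\n"
    for hit in scan_for_decoys(reg, leaked):
        print(f"decoy {hit['decoy_id']} ({hit['title']}) observed in leaked data")
```

The point of the HMAC is the "uncertainty" property from the paragraph above: an adversary who notices the reference-number pattern cannot tell, from the documents alone, which ones are real and which are bait, while the defender can verify any candidate marker offline without touching the attacker's systems.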