OFFENSIVE SECURITY
DEFENSIVE SECURITY
PURPOSE
Offensive Security focuses on proactively attacking and exploiting vulnerabilities to test and improve the security of a system.
Defensive Security focuses on protecting against and responding to attacks.
INITIATOR
Offensive Security initiatives are usually initiated by an organization or a group of individuals who want to test the security of their systems or those of others.
Defensive Security initiatives are usually initiated by an organization or individual in response to a perceived threat or to prevent an attack from occurring.
GOAL
The goal of Offensive Security is to identify and exploit vulnerabilities to improve the overall security posture of a system.
The goal of Defensive Security is to prevent attacks from occurring and to mitigate the impact of an attack if one does occur.
TECHNIQUES
Offensive Security techniques include penetration testing, vulnerability assessment, and red teaming.
Defensive Security techniques include firewall configuration, intrusion detection and prevention systems, and security incident and event management (SIEM).
PERSPECTIVE
Offensive Security involves looking at a system from an attacker’s perspective and attempting to find ways to compromise it.
Defensive Security involves looking at a system from the perspective of a defender and attempting to identify and mitigate potential vulnerabilities.
LEGAL CONSIDERATIONS
Offensive Security activities can sometimes be illegal, depending on the jurisdiction and the specific actions taken.
Defensive Security activities are generally legal.
ETHICAL CONSIDERATIONS
Offensive Security activities can be considered unethical if they are performed without the consent of the owner of the system being tested.
Defensive Security activities are generally considered ethical.
KNOWLEDGE
Offensive Security typically requires a deeper understanding of how systems and networks work and how to exploit vulnerabilities.
Defensive Security typically requires a broader understanding of security principles and best practices.
ACTIVE VS PASSIVE
Offensive Security involves actively attempting to compromise a system.
Defensive Security involves passively protecting against potential attacks.
TOOLS
Offensive Security often involves the use of tools and techniques, such as exploit frameworks and custom malware.
Defensive Security does not use the tools used in Offensive Security, such as exploit frameworks and custom malware.
Offensive Security professionals may have a more specialized skillset, as they focus on a specific area of security (e.g. web application security or network security).
Defensive Security professionals typically have a more general understanding of security principles and practices.
TEAM DISTINCTION
Offensive Security professionals may work in a “red team” or “ethical hacking” role.
Defensive Security professionals may work in a “blue team” or “security operations” role.
FOCUS
Offensive Security is often more focused on finding and exploiting specific vulnerabilities.
Defensive Security is more focused on implementing a broad range of controls to protect against a wide range of potential threats.
ACTIVITY STATUS
Offensive Security is typically more reactive, as it is usually initiated in response to a specific vulnerability or attack.
Defensive Security is typically more proactive, as it is focused on preventing attacks from occurring in the first place.
FUNCTION
Offensive Security is often focused on testing the security of a specific system or network.
Defensive Security is focused on protecting an entire organization’s assets and infrastructure.