Join ACCESS EU, the first-of-its-kind digital assets security and DLT summit
Halborn Logo

// Blog


Offensive Security: When Attack Is the Best Form of Defense


Rob Behnke

February 24th, 2022

In just the last year, an estimated $6B in damages were suffered by businesses and consumers at the hands of cybercriminals. And, by the year 2025, the overall damage from cybercrime is projected to reach more than $10.5 billion per annum.

That’s why, in an environment like this, innovative digital security models are needed to stop the massive growth in the rate of cybercrime and offensive security is one of the innovative models that takes a more proactive approach to defending against cyber security attacks.

What Is Offensive Security?

Offensive security is a computer security management framework that advocates the use of proactive (or offensive) techniques to target cybercriminals and actively mitigate their attacks. In essence, offensive security takes a diametrically opposite approach to traditional, more passive security management.

The traditional security model uses largely defensive techniques, such as software patches and firewalls, to protect digital networks and systems. With these techniques, you are largely focused on waiting for when hackers strike. In contrast, the offensive security approach recommends actively “fighting back” against cyber attacks via three levels of response – the three A’s: annoyance, attribution, and attack – which we cover in the below section.

The Three A’s of Offensive Security: Annoyance, Attribution and Attack

The three A’s of offensive security represent different levels of response against a security attack. The first, and the mildest, response level is annoyance. The goal of the annoyance response is to simply annoy the attacker and make them expend excessive resources in their hacking attempts.

Typical annoyance techniques include leading attackers astray via establishing false digital resources, such as directories and files with dummy data. Attackers try to gain access to these resources in the belief that they are getting their hands on useful data, only to find empty or dummy resources. Using a well-designed system of false ports and directories, annoyance techniques may be used to significantly frustrate and slow down attackers.

The second response level is attribution. Attribution techniques are used to actively identify attackers and expose their digital identities, such as IP addresses. The offensive security framework says that the attackers themselves should be made aware that their digital identities are exposed. Knowing that they have been caught out in the open often acts as a massive deterrent to many cybercriminals.

A typical way to implement attribution techniques is through the use of web beacons, also known as web bugs. These digital objects are embedded in the resources and files that might be stolen by hackers. After the hacker steals the resource, web beacons are used to track and identify them in the digital universe.

The third, and the most radical, response level in the offensive security framework is attack, where you would use this response level to directly attack the systems and resources of the hacker. This should be reserved for severe cases where annoyance and attribution are not effective on their own.

For more information on how Halborn uses offensive security techniques to keep organizations safe, reach out to our cybersecurity experts at