When it comes to security, there are two kinds of organizations — turtles and raptors. When an adversary attacks your organization, your posture as a turtle or a raptor matters quite a bit.
A turtle organization has a hard, outer shell, but a soft, vulnerable interior. The organization spends a lot on firewalls and intrusion prevention systems. The turtle erects tall, secure walls at every edge of the network. There are clear DMZs and everyone at the organization stays on top of maintaining a secure perimeter defense. The organization’s treasure is kept safe and secure, surrounded by the tallest walls.
Attackers love turtles. The perimeter always has holes. There are always paths into the organization that bypass the perimeter defense. Users bring in malware through web browsers, inadvertently compromise computers with infected USB drives, or unwittingly click on malicious links in emails. On-premises Wi-Fi access points let attackers park outside and hack in through the walls. Once that initial breach is made, the attacker pilfers the organization’s treasure. Turtles are the organizations you read about in the news.
A raptor organization understands that the network is like a sponge. The organization knows attackers can come in from any angle, and constantly watches the entire network. The raptor organization does not wait for something to happen. Instead, the raptor constantly surveys its environment and aggressively pursues both attackers and any evidence of a breach. The raptor knows that the best defense is a good offense.
Attackers shun raptors. Attackers know that a raptor organization will immediately investigate suspicious activity. The raptor deploys active defenses designed to deceive attackers and automatically shut down attacks. The raptor knows that simple data analysis is not the answer — today’s threats require an active response.
Is your organization a turtle or a raptor? Does your organization cower in a shell, deluded into thinking that a perimeter defense keeps it safe? Or does your organization deploy active defenses and deception technology, and aggressively pursue attackers?