# The Cybersecurity Canon: Offensive Countermeasures: The Art of Active Defense

By [Robert Clark](https://www.paloaltonetworks.com/blog/author/robert-clark/?ts=markdown "Posts by Robert Clark")

Feb 08, 2016

*We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. [Please write a review and nominate your favorite](https://paloaltonetworks.com/threat-research/cybercanon/nominate-a-book.html).*

*The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!*

**Book Review by** [**Canon Committee Member, Robert Clark**](https://www.paloaltonetworks.com/threat-research/cybercanon/cyber-security-canon-bios.html)**:** *Offensive Countermeasures: The Art of Active Defense (2013)* by John Strand and Paul Asadoorian

### Executive Summary

John and Paul (PaulDotCom) state the intention of *Offensive Countermeasures: The Art of Active Defense* best, "It is our hope that this book is just the beginning of a wider conversation on the topic of hacking back." According to numerous reviews found online, most feel it accomplishes that objective and I would agree that it is only a start. It is written for those already in the information security space who have an understanding of defending networks. However, with that said, many critiques found it light on substance and more of a cursory look at active defense. This and the subject matter make it a good read but not Canon-worthy.

If the Canon requirement is "To identify a list of must-read books . . . where the content is timeless . . . if not read, will leave a hole in the cybersecurity professional's education that will make the practitioner incomplete," not reading this book will not leave a hole, only because there are now many other methods to obtain this information in an updated form.

The book is an excellent introduction to many active defense methods. The introduction gives a cursory, but now dated, look at some legal cases, and then the text is divided into three core sections: Annoyance, Attribution and Attack.

### About the People

![strand](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/02/strand.png)

John Strand is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education. John is the course co-author of SANS 504: Hacker Techniques, Exploits, and Incident Handling. When not teaching for SANS, John co-hosts Security Weekly, the world's largest computer security podcast. He is the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He has presented for the FBI, NASA, the NSA, and at DefCon.

PaulDotCom is, well, PaulDotCom.

### The Story

As the book title states, *Offensive Countermeasures* breaks down the same into three categories: Annoyance, Attribution and Attack. Annoyance is basically wasting an attacker's time, introducing the readers to one of the military's favorite acronyms, OODA: observe, orient, decide and act. Attribution is just that, focusing on knowing not only who is attacking you but also their capabilities and tactics. Finally, Attack, helping one develop approaches to "planning and thought" and gaining access to an attacker's systems. Bookending the three core sections are an introduction covering some dated legal decisions and a final chapter on Core Concepts.

For full disclosure, I am a cyberspace attorney with some decent technical understanding. So I defer to many of the supposed "techies" who have posted reviews online as to the technical content of the three main chapters. The majority state that this is a good overview, but short on substance, and even refer you to John and Paul's podcasts. Moreover, John's instruction on this topic can be found in numerous places, such as SANS, Blackhat, podcasts, etc. I would assume that information is more up-to-date than when this book was published in 2013.

Again I fall back on the authors' intent, to get the discussion going. I think their introduction to the Attack section states it best, "This is the step of this book that you will need to work out with your legal department. You may also want to coordinate with law enforcement as required." As one who tries to espouse Clark's Law to rival Moore's Law, Clark's Law is to get your lawyers involved early and often so they don't slow down operations and can get you to yes. Explain the technology at a third-grade level to them (lawyers) so we can understand it and explain it to senior leaders (C-Suite) or others. So I appreciate John and Paul's introduction of the book with the law and their caveats throughout the book.

### Conclusion

I'll leave it to an Amazon review of *Offensive Countermeasures* by a Mr. Anderson in September of 2013, "Overall this book provides a good review of high level concepts with some minor depth of what organizations can do to better protect their assets using both defensive and offensive strategies. I was just hoping for a more technical explanation, and more advanced techniques, but the book does cover what it states."

And the final word goes to John's SANS colleague, lawyer Benjamin Wright, who stated a couple of months before that, "This book helps the public debate about computer defense get beyond some old, worn-out taboos. Lawyers, politicians and government officials need to read this book and expand their understanding of effective, ethical digital security and privacy."