Definition
Defensive countermeasures “includes actions to identify the source of hostile cyber activities; protection/mitigation at the boundary (e.g., Intrusion Protection Systems (IPS), pre-emptive blocks, blacklisting); hunting within networks (actively searching for insiders and other adversaries or malware); passive and active intelligence (including law enforcement) employed to detect cyber threats; and/or actions to temporarily isolate a system engaged in hostile cyber activities.”[1]