Businesses expend tremendous effort on preventing and detecting attacks while allowing legitimate activities to continue unimpeded. The result is a number of brittle solutions that cannot detect most attacks before they penetrate the network.
But what if you could identify which visitors are likely attackers before hostile actions occur? You would have a Minority Report-style situation, where you could respond to attacks that haven’t happened yet. You could design your networks to automatically tighten security against just those people, while allowing everyone else free access to your services.
While there’s no way to actually gauge the intentions of people accessing your servers, there are some fairly reliable indicators. You might monitor for the early reconnaissance phases of an attack to identify the perpetrator, but attackers are likely to switch tools and servers between casing your network and actually launching the attack. The best approach is to use some cyber-jujitsu, leveraging the attacker’s own tools to discover them.