Proactive services are designed to detect and prevent attacks before they have an actual impact on production systems. In this category of services, the information generated by CSIRTs is disseminated to their constituency and partners so that they can protect their assets and avoid becoming the target of an attack.
The common proactive services are:
- Tech Watch
- Security Audits/Pentests
- Tools development
- Intrusion Detection
- Threat intelligence sharing
A good example is the use of honeypots to proactively detect ongoing attacks, which can provide valuable information to CSIRTs. That information is fed into protection systems such as IDS/IPS to prevent the attacks.
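The honeypot-to-IDS/IPS feed described above, sketched as an added example that is not part of the original page. The event format, the allowlist, the hit threshold and the choice of Suricata rule syntax as the output are all assumptions made for illustration; the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample honeypot events: (timestamp, source address, service touched).
EVENTS = [
    ("2024-05-01T10:00:01Z", "203.0.113.7", "ssh"),
    ("2024-05-01T10:00:09Z", "203.0.113.7", "telnet"),
    ("2024-05-01T10:02:30Z", "203.0.113.7", "ssh"),
    ("2024-05-01T10:03:00Z", "198.51.100.20", "ssh"),   # single touch, below threshold
    ("2024-05-01T10:04:00Z", "10.0.0.15", "ssh"),       # internal vulnerability scanner
    ("2024-05-01T10:04:05Z", "10.0.0.15", "http"),
    ("2024-05-01T10:05:00Z", "not-an-ip", "ssh"),       # malformed record
]

# Assumed allowlist: networks the constituency must never block (own ranges,
# authorised scanners). Without it a honeypot feed can cut off legitimate hosts.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]


def candidate_sources(events, min_hits=2, allowlist=ALLOWLIST):
    """Return source addresses seen at least min_hits times and not allowlisted."""
    hits = defaultdict(set)
    for timestamp, source, service in events:
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            continue  # skip records whose source field is not an IP address
        if any(addr in net for net in allowlist):
            continue
        hits[addr].add((timestamp, service))
    selected = [a for a, seen in hits.items() if len(seen) >= min_hits]
    return sorted(selected, key=lambda a: (a.version, int(a)))


def suricata_rules(addresses, first_sid=1000000):
    """Render one Suricata rule per address, using SIDs from the local-use range."""
    rules = []
    for offset, addr in enumerate(addresses):
        # "drop" only takes effect in inline (IPS) mode; use "alert" for IDS-only.
        rules.append(
            f"drop ip {addr} any -> $HOME_NET any "
            f'(msg:"Honeypot-observed source {addr}"; sid:{first_sid + offset}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(candidate_sources(EVENTS)):
        print(rule)
```

Entries produced this way should carry an expiry and be reviewed before sharing with partners, since source addresses are reassigned and can be spoofed.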