The following video corresponds to a talk presented by Roberto Martinez at the Campus Party in Mexico

I highly recommend watching this video, since it explains what security in real life should look like, instead of installing devices and ticking a checkbox :)

I would summarize the talk as:

  • Information gathering
  • Intelligence
  • Honeypots
  • Feed all your information into a SIEM system to monitor the network activity.
  • Deception and counter attacks: resource exhaustion, dropping exploits
  • Deanonymization and tracking of attackers: decloaking and using our own DNS to track the attacker.
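As an added example (not from the talk or this post), here is the defender's side of the "use our DNS to track the attacker" idea: canary hostnames under a zone we control are planted in decoy documents, and the resolver's query log is searched for lookups of those names, which reveal the source IP that opened the decoy. The zone name, the planted tokens and the simplified BIND-style log lines are all constructed for this example.

```python
import re

# Canary zone we control (hypothetical name, an assumption for this example).
CANARY_ZONE = "canary.example.net"

# Simplified BIND-style query-log lines, constructed for this example.
SAMPLE_LOG = """\
12-Mar-2024 10:15:02.123 client 203.0.113.7#53211 (www.example.org): query: www.example.org IN A + (192.0.2.53)
12-Mar-2024 10:15:44.901 client 198.51.100.23#40022 (t7f3a9c2.canary.example.net): query: t7f3a9c2.canary.example.net IN A + (192.0.2.53)
12-Mar-2024 10:16:10.004 client 198.51.100.23#40023 (t7f3a9c2.canary.example.net): query: t7f3a9c2.canary.example.net IN AAAA + (192.0.2.53)
12-Mar-2024 10:17:31.555 client 203.0.113.99#51000 (b1e0d4aa.canary.example.net): query: b1e0d4aa.canary.example.net IN A + (192.0.2.53)
"""

# Tokens we planted, mapped to the decoy each one lives in (constructed).
PLANTED_TOKENS = {
    "t7f3a9c2": "decoy: passwords.xlsx on fileshare",
    "b1e0d4aa": "decoy: vpn-config.docx in mailbox",
}

# timestamp, client IP, queried name and record type from one log line
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9a-fA-F.:]+)#\d+ \S+: query: "
    r"(?P<name>\S+) IN (?P<type>\S+)"
)


def canary_hits(log_text, zone=CANARY_ZONE, tokens=PLANTED_TOKENS):
    """Map each planted token that was looked up to the decoy it belongs to,
    the client IPs that resolved it (with counts) and the first lookup time."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query line we understand
        name = m.group("name").rstrip(".").lower()
        if not name.endswith("." + zone):
            continue  # ordinary traffic, not our canary zone
        # the label directly under the zone is the token (handles sub.labels too)
        token = name[: -len(zone) - 1].split(".")[-1]
        if token not in tokens:
            continue  # unknown label under the zone; worth its own alert in practice
        entry = hits.setdefault(
            token, {"decoy": tokens[token], "sources": {}, "first_seen": m.group("ts")}
        )
        ip = m.group("ip")
        entry["sources"][ip] = entry["sources"].get(ip, 0) + 1
    return hits


if __name__ == "__main__":
    for token, info in canary_hits(SAMPLE_LOG).items():
        print(token, info["decoy"], "first seen", info["first_seen"], info["sources"])
```

Pointing the SIEM at this kind of output ties each decoy document to the address that opened it, which is exactly the kind of tracking signal the talk describes.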

In my opinion, I would also add darknets or sinkholes to gain extra intelligence :)