Proactive and Reactive Security


Adopting proactive security measures means actively improving application design and implementation as well as using preventive measures to avoid security breaches. For example, using firewall appliances in the DMZ environment, implementing security design using design patterns, and using best practices are proactive strategies. Security architects and developers often need to defend such a strategy by presenting a business case that clearly explains its benefits. Doing so is not always easy.

Adopting reactive security measures means performing a series of post-incident remedial or corrective actions that address security threats and their resulting damage. Reactive security measures are a response to an actual security breach after it has occurred: identifying the problem, determining the possible cause, and restricting further damage. Examples of reactive security measures include using service continuity and recovery strategies, antivirus tools, patch management, and so on.

In practice, it is important to strike a balance between proactive and reactive security options by studying the trade-offs and effects based on business requirements such as regulatory mandates, technological dependencies and potential operating costs.




Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
EAN: 2147483647
Year: 2005
Pages: 204
