Proactive defense assumes attackers are already inside and actively searches for them — through threat hunting, purple teaming, red team exercises, and intelligence-driven detection.
Reactive defense: wait for alerts. Proactive defense: assume breach, go looking. Mean dwell time for APTs is 200+ days — proactive hunting finds them sooner. Intelligence-driven: use TI about specific threat actors targeting your industry to guide hunts.