Today's Threat Landscape and How Organizations Are Changing Their Approach to Security

In today's threat landscape, attacks are becoming more advanced, complex and sophisticated. The attack surface and the number of threat vectors show no signs of shrinking as threat actors continue to find vulnerabilities to penetrate our infrastructure.

Most of us are probably wondering why and how this could have happened with all of the preventative technologies that we have on the network. Let's take a moment to brainstorm.

Imagine you have a paper cup filled with water. The surface of the paper cup is the attack surface. The pen you are holding is the threat actor and the water, of course, is your critical asset. As you poke holes in the paper cup, water starts to pour out. The natural instinct is to plug the hole "with a quick fix" to stop the leak. We then do this for the second hole, the third, and so on ...

Now, take a deep breath and close your eyes. Think about the number of times we have purchased a tool or developed a process, standard or policy to plug a hole, either for regulatory compliance or in response to a security assessment, without understanding the full requirements: how this "new shiny thing" would change our current security operations, whether it would improve our security program, what it would do to risk, and so on.

We have spent countless energy creating layers of security in the hope that one of them would be able to identify the 'bad guys' and stop them from penetrating our network. With today's threat landscape, this approach is no longer an effective solution. Instead of just creating layers of security, we need to assess our tools and enable them to work with each other and share relevant threat intel feeds. For example, when an alert is raised by one of your security tools, we should look for ways to automatically ingest that piece of IOC information into the rest of the security stack, build logic around it and transform it into a preventative control. This automation approach would shorten incident response, free up workloads and enable security analysts to shift their focus to the critical threats that warrant follow-up.
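The IOC hand-off described above can be sketched in a few lines. This is an added example, not code from the article: the alert fields, tool names, thresholds and network ranges are all assumptions, and the sample alerts are constructed. It shows the "logic around it" step, where indicators are validated, deduplicated and given an expiry before any control is allowed to block on them.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample alerts from hypothetical tools; field names are assumptions.
ALERTS = [
    {"source": "edr", "type": "ip", "value": "203.0.113.45", "confidence": 90},
    {"source": "ids", "type": "ip", "value": "203.0.113.45", "confidence": 70},
    {"source": "ids", "type": "ip", "value": "10.0.0.5", "confidence": 95},
    {"source": "edr", "type": "ip", "value": "not-an-ip", "confidence": 99},
    {"source": "mail", "type": "domain", "value": "Login.Example.NET.", "confidence": 80},
    {"source": "proxy", "type": "domain", "value": "cdn.example.com", "confidence": 85},
    {"source": "proxy", "type": "domain", "value": "example.org", "confidence": 40},
]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ALLOWLIST_DOMAINS = {"example.com"}  # assumed: domains that must never be auto-blocked
MIN_CONFIDENCE = 60                  # assumed threshold for automatic action
TTL = timedelta(days=7)              # blocks expire unless the indicator is seen again

def normalize(alert):
    """Return a (type, value) key that is safe to block, or None to skip."""
    if alert["confidence"] < MIN_CONFIDENCE:
        return None
    value = alert["value"].strip().lower()
    if alert["type"] == "ip":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return None  # malformed indicator: leave it for an analyst
        if any(ip in net for net in INTERNAL_NETS):
            return None  # never auto-block our own address space
        return ("ip", str(ip))
    if alert["type"] == "domain":
        value = value.rstrip(".")
        if any(value == d or value.endswith("." + d) for d in ALLOWLIST_DOMAINS):
            return None  # allowlisted domain or one of its subdomains
        return ("domain", value)
    return None

def build_blocklist(alerts, now=None):
    """Merge alerts into one deduplicated blocklist with sources and expiry."""
    now = now or datetime.now(timezone.utc)
    blocklist = {}
    for alert in alerts:
        key = normalize(alert)
        if key is not None:
            entry = blocklist.setdefault(key, {"sources": set(), "expires": now + TTL})
            entry["sources"].add(alert["source"])
    return {k: {"sources": sorted(v["sources"]), "expires": v["expires"]}
            for k, v in blocklist.items()}
```

The returned entries are what would be pushed to the firewall, proxy or mail gateway; everything that `normalize` rejects stays in the analyst queue instead of becoming an automatic block.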

Carlene Lanier

Manager, Customer Success | Intelligent Automation, Cloud Computing, AI

1y

Charles, thanks for sharing!
