Offense versus defense. Proactive versus reactive. In many parts of an enterprise, teams need to make choices between preparing for upcoming events, or waiting until they occur – and nowhere so much as on the security team. Do you wait until the attackers make themselves known in your networks before you remediate the impact? Or is it better to strategize how and where attacks may take place, so that you can avoid attackers making inroads at all?
In the past couple of decades, when security control testing and attacks weren't quite as sophisticated as they are now, the security posture was more likely to be reactive. Also, traditional testing wasn't designed to be as forward-looking: Its limitations meant that multiple threat vectors couldn't be tested at once, nor could results be derived quickly enough to have rapid impact on attacks.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
