The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on its worth to you and the likelihood of theft.
Your corporate network and data are the same. Protecting the valuable assets within your network requires layers. Often called defense in depth, this strategy offers multiple levels of security tools and strategies that are designed to guard against attacks.
However, these security systems aren’t perfect, and that’s exactly what threat actors are determined to exploit. In your home, you may have put the jewels in the safe, but if the safe isn’t locked, anyone can gain access. Same with your SOC. If your defense system has gaps, it’s only a matter of time before someone will gain access to your data.
Fear of patching
Having a state-of-the-art security system that appears to cover every type of attack is good, but you may not be addressing how threat actors access your system or what they’re looking for. Adversaries don’t like change, Phil Neray, VP of cyber defense strategy at CardinalOps, said at Splunk’s .conf23 event. Stolen credentials and exploited vulnerabilities remain the most popular attack vectors, according to Verizon’s Data Breach Investigations Report.
But if users within the company are ..
Support the originator by clicking the read the rest link below.
