Random Acts of Security...or Not?

Adversaries Know Our Security Infrastructure is Fragmented and Take Advantage of Blind Spots to Stay Below the Radar


Approximately 30 years ago, Dr. Persi Diaconis discovered that it takes seven shuffles to mix a deck of cards thoroughly so that the order of the cards is random. Since then, others have continued this research and now find the number of times you need to shuffle can be much higher depending on the technique used. The point is, it takes some work to create “randomness” – a lack of pattern or predictability. It really isn’t as easy as most of us think. 


Similarly, when we talk about security and the whack-a-mole phenomenon, it’s common to think that we’re facing an endless, random cycle of new threats popping up continuously. In fact, there may be very little that’s random about it. Chances are, threat actors aren’t going through the work of continuously creating entirely new attack campaigns. They’re using tools and tactics over and over again – and successfully accomplishing their missions for two main reasons.


First, threat actors know our security infrastructure is fragmented. Our layers of protection and security teams are largely unintegrated and operate in silos, so we have little visibility into what is truly happening across the environment. Adversaries take advantage of these blind spots to stay below the radar. 


Second, because each layer in the security architecture creates its own logs and events, security professionals are drowning in data. Every indicator can reveal malicious behavior, but security analysts struggle to know where to begin. On the surface, each alert or indicator of compromise appears to ..
